FlawedAmmyy Malware Information

Updated: 31 Jul 2019
Product/Version:
    • Apex One 2019.All
    • Deep Discovery Email Inspector 3.5
    • Deep Discovery Inspector 5.1
    • Deep Security 12.0
    • OfficeScan XG.All
    • Worry-Free Business Security Standard/Advanced 10.0
Platform: N/A
Summary

FlawedAmmyy is a remote access Trojan (RAT) built from the leaked source code of Ammyy Admin, a legitimate remote administration tool that businesses and consumers use for remote control and diagnostics of Microsoft Windows machines. Because it is derived from that code, FlawedAmmyy inherits the functionality of the leaked version, including remote desktop control, a file system manager, proxy support and audio chat.

FlawedAmmyy has been used both in high-volume campaigns, such as mass phishing runs intended to build a large base of compromised computers, and in targeted campaigns that give the actors an opportunity to steal customer data, proprietary information and more. In its latest campaign, TA505, a prolific cybercriminal group known for attacks on multiple financial institutions and retail companies, began using HTML attachments to deliver malicious .XLS files that in turn lead to a downloader and the FlawedAmmyy backdoor, mostly targeting users in South Korea.
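The delivery chain described above (an HTML attachment that leads to a malicious .XLS, which then fetches the downloader and FlawedAmmyy) is something a mail-gateway or SOC analyst can triage for before the endpoint pattern ever fires. The following Python script is an added example for this article, not Trend Micro code and not a description of TA505's actual files: it inspects HTML attachments for anything that stages a spreadsheet (a link or form target, a meta-refresh redirect, a data: URI carrying an Excel MIME type, or inline script naming a .xls file) and flags the message. The message records, HTML bodies and the heuristics themselves are constructed assumptions for the example.

```python
"""Triage inbound mail for the HTML-attachment -> .XLS delivery chain.

Added example for this article; not Trend Micro code. The heuristics below
are assumptions about how an HTML lure stages a spreadsheet (link, meta
refresh, data: URI, or script text), not a description of TA505's files.
"""
import re
from html.parser import HTMLParser

# File extensions and MIME types that indicate an Excel second stage.
XLS_NAME_RE = re.compile(r"\.xls[mx]?\b", re.IGNORECASE)
XLS_MIME_TYPES = {
    "application/vnd.ms-excel",
    "application/vnd.ms-excel.sheet.macroenabled.12",
    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
}
HTML_EXTENSIONS = (".htm", ".html")


class _RefCollector(HTMLParser):
    """Collect every navigation/download target and all inline script text."""

    def __init__(self):
        super().__init__()
        self.targets = []
        self.script_text = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
        for key in ("href", "src", "action", "data", "download"):
            if a.get(key):
                self.targets.append(a[key])
        # <meta http-equiv="refresh" content="0; url=..."> is a silent redirect.
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(m.group(1))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_text.append(data)


def _data_uri_mime(target):
    """Return the MIME type of a data: URI, or None for any other target."""
    if not target.lower().startswith("data:"):
        return None
    return target[5:].split(",", 1)[0].split(";", 1)[0].lower()


def html_pulls_spreadsheet(html):
    """Return the reasons an HTML body looks like it stages an Excel file."""
    parser = _RefCollector()
    parser.feed(html)
    parser.close()
    reasons = []
    for target in parser.targets:
        mime = _data_uri_mime(target)
        if mime in XLS_MIME_TYPES:
            reasons.append(f"embedded spreadsheet via data: URI ({mime})")
        elif mime is None and XLS_NAME_RE.search(target):
            reasons.append(f"reference to spreadsheet: {target}")
    if XLS_NAME_RE.search("\n".join(parser.script_text)):
        reasons.append("inline script names a spreadsheet file")
    return reasons


def triage_messages(messages):
    """Flag messages whose HTML attachment stages a spreadsheet.

    Each message is a dict: {"id": str, "attachments": [{"name": str, "content": str}]}.
    """
    hits = []
    for msg in messages:
        for att in msg["attachments"]:
            if not att["name"].lower().endswith(HTML_EXTENSIONS):
                continue
            reasons = html_pulls_spreadsheet(att["content"])
            if reasons:
                hits.append({"id": msg["id"], "attachment": att["name"], "reasons": reasons})
    return hits


# Constructed sample records (not real campaign artefacts).
SAMPLE_MESSAGES = [
    {"id": "m1", "attachments": [{"name": "invoice.html", "content":
        '<html><head><meta http-equiv="refresh" '
        'content="0; url=http://files.example.test/invoice.xls"></head>'
        '<body>Loading your invoice...</body></html>'}]},
    {"id": "m2", "attachments": [{"name": "report.htm", "content":
        '<html><body><a download="report.xls" '
        'href="data:application/vnd.ms-excel;base64,AAAA">Open report</a>'
        '</body></html>'}]},
    {"id": "m3", "attachments": [{"name": "newsletter.html", "content":
        '<html><body><a href="https://www.example.test/news">Read more</a>'
        '</body></html>'}]},
    {"id": "m4", "attachments": [{"name": "sheet.xlsx", "content": ""}]},
]

if __name__ == "__main__":
    for hit in triage_messages(SAMPLE_MESSAGES):
        print(hit["id"], hit["attachment"], "; ".join(hit["reasons"]))
```

Only m1 (meta-refresh to an .xls URL) and m2 (Excel data: URI plus a download name ending in .xls) are flagged; the plain newsletter and the bare .xlsx attachment are left to the ordinary attachment policy. In practice the flagged message would be held and the referenced URL or embedded file submitted for sandboxing rather than blocked on this heuristic alone.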

Once installed, the RAT lets an attacker perform a variety of malicious activities, such as:

  • Gain complete access to the PC's camera and microphone
  • Capture screenshots
  • Access a variety of services and steal files and credentials
  • Steal customer data, proprietary information and more

Capabilities

  • Information Theft
  • Backdoor commands

Impact

  • Financial loss - steals the user's financial information
  • Compromised system security - backdoor capabilities allow arbitrary malicious commands to be executed
  • Violation of user privacy - gains complete access to the user's camera and microphone

Infection Routine

[Figure: infection routine diagram]

File Reputation

Detection/Policy/Rules          Pattern Branch/Version   Release Date
Trojan.W97M.FLAWEDAMMY.AC       ENT OPR 15.196.04        June 25, 2019
Backdoor.Win32.FLAWEDAMMY.AN    ENT OPR 15.196.04        June 25, 2019
Trojan.X97M.FLAWEDAMMYY.C       ENT OPR 15.196.04        June 25, 2019
Trojan.Win32.FLAWEDAMMYY.AA     ENT OPR 15.196.04        June 25, 2019
Trojan.HTML.FLAWEDAMMYY.E       ENT OPR 15.196.04        June 25, 2019
Backdoor.Win32.FLAWEDAMMY.SMA   ENT OPR 15.196.04        June 25, 2019

Predictive Machine Learning

Detection                               Pattern Branch/Version
Troj.Win32.TRX.XXPE50FFF031             In-the-cloud
Downloader.VBA.TRX.XXVBAF01FF004K0010   In-the-cloud

Web Reputation

Detection/Policy/Rules   Pattern Branch/Version
URL Protection           In-the-cloud

Anti Spam

Pattern Branch/Version   Release Date
AS Pattern 4690          June 18, 2019
Details

Solution Map - What should customers do?

Trend Micro Solution: Endpoint Security
  Major Product / Latest Version:
    Apex One 2019
    OfficeScan XG (12.0)
    Worry-Free Business Security Standard (10.0) / Advanced (10.0)
  Virus Pattern: Update pattern via web console
  Anti-Spam Pattern: Not Applicable
  Predictive Machine Learning: Enable Predictive Machine Learning
  Web Reputation: Enable Web Reputation Service and update pattern via web console

Trend Micro Solution: Hybrid Cloud Security
  Major Product / Latest Version: Deep Security 12.0
  Virus Pattern: Update pattern via web console
  Anti-Spam Pattern: Not Applicable
  Predictive Machine Learning: Enable Predictive Machine Learning
  Web Reputation: Enable Web Reputation Service and update pattern via web console

Trend Micro Solution: Email and Gateway Security
  Major Product / Latest Version:
    Deep Discovery Email Inspector 3.5
    InterScan Messaging Security 9.1
    InterScan Web Security 6.5
    ScanMail for Microsoft Exchange 14.0
  Virus Pattern: Update pattern via web console
  Anti-Spam Pattern: Update pattern via web console
  Predictive Machine Learning: Not Applicable
  Web Reputation: Enable Web Reputation Service and update pattern via web console

Trend Micro Solution: Network Security
  Major Product / Latest Version: Deep Discovery Inspector 5.5
  Virus Pattern: Update pattern via web console
  Anti-Spam Pattern: Not Applicable
  Predictive Machine Learning: Not Applicable
  Web Reputation: Enable Web Reputation Service and update pattern via web console

Category: Remove a Malware / Virus
Solution Id: 1123301