Ammyy Admin is a RAT (Remote Administration Tool) or backdoor Trojan that is often used to drop malware payloads such as ransomware onto a computer.

The Ammyy Admin RAT is typically distributed by spam email campaigns inside malicious Microsoft Office document attachments that incorporate the malware. The documents contain a macro that executes a shell command that is used to essentially download and run malware.

A UAC-bypass technique that abuses Microsoft's Event Viewer (eventvwr.exe) is used to hijack the HKCU\Software\Classes\mscfile\shell\open\command registry key. Oftentimes, alongside the Remcos RAT, a malicious document macro that is developed to bypass Microsoft Windows' UAC security and execute malware with high privilege is utilized. Because of this, the macro's shell command replaces the value of the registry entry with the malware's location. This allows the malware to be executed instead of Microsoft's mmc.exe.

Since Ammyy Admin is a remote desktop tool, it allows several different things to happen to a victim's machine once installed by a cyber criminal. It allows remote access by establishing a connection to the client IP and ports where the server connects. Remote access opens the machine to many security threats. It can drop malware, such as ransomware, onto the infected machine.
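A detection sketch for the registry hijack described above, added here as an example and not taken from the original post: it flags writes under the per-user mscfile\shell\open\command key and any eventvwr.exe child process other than mmc.exe. The Sysmon-style field names (EventID, TargetObject, Image, ParentImage) are an assumed log format, and the sample events, SID and file paths are constructed.

```python
import re

# Per-user override of the mscfile open command. Sysmon-style logs render
# HKCU\Software\Classes as HKU\<SID>_Classes or HKU\<SID>\Software\Classes.
MSCFILE_KEY = re.compile(
    r"^HKU\\[^\\]+(\\Software\\Classes)?\\mscfile\\shell\\open\\command(\\.*)?$",
    re.IGNORECASE,
)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def triage(events):
    """Return (reason, event) pairs for the two signals of this UAC bypass."""
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        # Event 12/13: registry key created or value set under the hijacked key.
        if eid in (12, 13) and MSCFILE_KEY.match(ev.get("TargetObject", "")):
            hits.append(("mscfile-command-override", ev))
        # Event 1: eventvwr.exe normally launches mmc.exe and nothing else.
        elif (eid == 1
              and basename(ev.get("ParentImage", "")) == "eventvwr.exe"
              and basename(ev.get("Image", "")) != "mmc.exe"):
            hits.append(("eventvwr-unexpected-child", ev))
    return hits

# Constructed sample events (placeholder SID and paths, not real indicators).
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    {"EventID": 13,
     "TargetObject": "HKU\\" + SID + r"_Classes\mscfile\shell\open\command\(Default)",
     "Details": r"C:\Users\Public\sample.exe"},
    # Machine-wide default under HKLM is the legitimate handler: not flagged.
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Classes\mscfile\shell\open\command\(Default)",
     "Details": r"%SystemRoot%\system32\mmc.exe"},
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\eventvwr.exe",
     "Image": r"C:\Windows\System32\mmc.exe"},
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\eventvwr.exe",
     "Image": r"C:\Users\Public\sample.exe"},
]

if __name__ == "__main__":
    for reason, ev in triage(SAMPLE_EVENTS):
        print(reason, ev.get("TargetObject") or ev.get("Image"))
```

Because the hijacked key lives in the user's own hive, it can be written without elevation, which is why a value appearing there at all is the signal worth alerting on.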