Jurnal Informatika: Jurnal Pengembangan IT
Vol 3, No 3 (2018): JPIT, September 2018

Analysis Malware Flawed Ammyy RAT Dengan Metode Reverse Engineering

Tesa Pajar Setia (Universitas Siliwangi)
Nur Widiyasono (Universitas Siliwangi)
Aldy Putra Aldya (Universitas Siliwangi)



Article Info

Publish Date
22 Oct 2018

Abstract

Malware is currently growing rapidly and becoming more diverse and complex, but the human resources able to carry out malware analysis are limited because special expertise is needed. Reverse engineering is one of many solutions for carrying out malware analysis, because reverse engineering techniques can reveal malware code. On March 5, 2018, a spam email containing files was found; the file contained the Flawed Ammyy malware. Flawed Ammyy is software derived from Ammyy Admin version 3 and then misused by the TA505 hackers. This study aims to identify the malware, especially the Flawed Ammyy RAT malware. The research uses a descriptive methodology, with dynamic analysis and reverse engineering methods used for the malware analysis. The results of the study show that the Flawed Ammyy RAT malware works by hiding in the Ammyy Admin application and then connecting to the attacker at IP address 103.208.86.69. The netname of IP address 103.208.86.69 is zappie host. The malware makes 50 registry changes on infected systems. After the attacker has connected to the victim, the attacker can easily perform remote control without the victim's knowledge.

Copyrights © 2018






Journal Info

Abbrev

informatika

Subject

Computer Science & IT

Description

The scope encompasses Informatics Engineering, Computer Engineering and Information Systems, including, but not limited to, the following: 1. Information Systems: information management, e-Government, e-business and e-commerce, spatial information systems, geographical information systems, IT governance ...