General

  • Target

    085af04b094fa4ace83e52e475d99fefd9050099dba73b11c63308920fb87406

  • Size

    1.0MB

  • Sample

    220530-13xt6achf3

  • MD5

    630f1f1db8de6ebd3194537bcba93320

  • SHA1

    e8d63e33bc211c4be7805401812b041c2b229ff7

  • SHA256

    085af04b094fa4ace83e52e475d99fefd9050099dba73b11c63308920fb87406

  • SHA512

    c66e3404db29d5bbeab8b14b4428f83cf3472223f7ffafe165a3d4c2a8d0aa5d40c1127fd4ab4936b43ccff9d0298d0e82b8b01eda59ca5b2da238bdccc1e249

Score
10/10

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks