General

  • Target

    0966c6a01169b4863d1a0a33911f13b686f3bd5ca2978ad3ad8829cf40d16900

  • Size

    339KB

  • Sample

    220530-xategsfcd9

  • MD5

    2fbd194b2d68b2cd446a33efb244e4b7

  • SHA1

    3cd0c6228067bb8fbac20e04a18e46aef4ee2d9e

  • SHA256

    0966c6a01169b4863d1a0a33911f13b686f3bd5ca2978ad3ad8829cf40d16900

  • SHA512

    cb3276da5d5e371d5f697741ed0c215b038d946dcce1583a682c615c39b0aa07533376f095cf1eeac111e53adfe26d3118a618cca14bddd3866762b22960791d

Score
10/10

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Drops desktop.ini file(s)
