General

  • Target

    0fd8311de0d69aff8c8b798eebb9ef78d12f7ae75c08e8dbceeeb37a31b675a4

  • Size

    582KB

  • Sample

    220604-rmpn6sagf2

  • MD5

    00601e36339af691cae7f774543bbeff

  • SHA1

    219bf2198c46b702219adb4f97b09e70c8d287d6

  • SHA256

    0fd8311de0d69aff8c8b798eebb9ef78d12f7ae75c08e8dbceeeb37a31b675a4

  • SHA512

    8c416a9798380fc3ed9ad7fe079b179d015e8501b6061e3b26f71446317d6e76f264faf715a7df834b8de9dab77d349ec6b5c75ec0aeb9aa90c9cb9015d7c797

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on the Imminent Monitor remote-administration software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks