General

  • Target

    e416b3a40c7cf76136240060a9fa73dada24df81cea3d29781adea870448ef55

  • Size

    736KB

  • Sample

    220609-qg73wscgb9

  • MD5

    50064c54922a98dc1182c481e5af6dd4

  • SHA1

    9f23dfe16be1ce5f054b0a82cb38316c0ff923ce

  • SHA256

    e416b3a40c7cf76136240060a9fa73dada24df81cea3d29781adea870448ef55

  • SHA512

    6d1d0a5f1239d2c3d8d46793e5227e020d039e4deb48189c6921f0a2ac6fcd7edccd09a7f10084269a60c0cb3709bce19811e2631d5613395f8f365414f02de6

Malware Config

Targets

    • Target

      e416b3a40c7cf76136240060a9fa73dada24df81cea3d29781adea870448ef55

    • Size

      736KB


    • Imminent RAT

      Remote-access trojan built on the Imminent Monitor remote-administration software.

    • Executes dropped EXE

      Launches an executable it wrote to disk during the run; the dropped file, not the submitted sample, is the payload worth collecting.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence so the sample only detonates (or refuses to run) in particular regions.

    • Deletes itself

      Removes its own file from disk after execution, which hampers later collection of the original binary.

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the application is started again at logon (persistence).

    • Suspicious use of SetThreadContext

      Rewrites a thread's register context, a step commonly used to redirect execution into injected code (process hollowing / thread hijacking).
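
The behaviours above are the ones a responder would try to confirm on an endpoint. As an added example, not part of the sandbox report and not code from the Imminent project, the script below triages Sysmon-style events (EventID 1 ProcessCreate, 13 RegistryValueSet, 23 FileDelete) for three of them: the Run-key write, execution of a dropped executable from a user-writable path, and deletion of a binary that was seen executing earlier. The event records, the `victim` user name and the `svc.exe` path are constructed for illustration. The country-code lookup and the SetThreadContext call are not covered because Sysmon does not log registry reads or thread-context changes; those need API-level tracing or the sandbox view.

```python
"""Triage Sysmon-style events for the behaviours listed in this report.
Added example; the event records below are constructed, not taken from the run."""
import re

# "Adds Run key to start application": any value written under Run / RunOnce.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
# "Executes dropped EXE": a process image in a location a standard user can write to.
USER_WRITABLE_RE = re.compile(
    r"^(?:C:\\Users\\[^\\]+\\AppData\\|C:\\ProgramData\\|C:\\Windows\\Temp\\)", re.IGNORECASE)

SAMPLE_EVENTS = [  # constructed sample stream (paths and SID are placeholders)
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Roaming\svc\svc.exe",
     "ParentImage": r"C:\Users\victim\Downloads\invoice.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\svc\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\victim\AppData\Roaming\svc\svc.exe"},
    {"EventID": 23, "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Users\victim\Downloads\invoice.exe"},
    {"EventID": 1, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def run_key_entries(events):
    """Return (writing image, value name, value data) for each Run-key write."""
    hits = []
    for ev in events:
        if ev["EventID"] == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            value_name = ev["TargetObject"].rsplit("\\", 1)[-1]
            hits.append((ev["Image"], value_name, ev["Details"]))
    return hits


def dropped_exe_launches(events):
    """Process creates whose image lives in a user-writable directory."""
    return [ev["Image"] for ev in events
            if ev["EventID"] == 1 and USER_WRITABLE_RE.match(ev["Image"])]


def self_deletions(events):
    """FileDelete events whose target was seen executing earlier in the stream.
    Any process may do the deleting (the sample or a helper such as cmd.exe)."""
    launched, deleted = set(), []
    for ev in events:
        if ev["EventID"] == 1:
            launched.add(ev["Image"].lower())
        elif ev["EventID"] == 23 and ev["TargetFilename"].lower() in launched:
            deleted.append(ev["TargetFilename"])
    return deleted


def triage(events):
    """Summarise which report behaviours the event stream shows, and correlate
    the Run-key data with the dropped executables so the persisted payload stands out."""
    runs = run_key_entries(events)
    dropped = dropped_exe_launches(events)
    dropped_lc = {d.lower() for d in dropped}
    persisted = [data for _, _, data in runs if data.strip('"').lower() in dropped_lc]
    return {
        "run_key": runs,
        "dropped_exe": dropped,
        "self_delete": self_deletions(events),
        "run_key_points_at_dropped_exe": persisted,
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {hits}")
```

On a real host the same logic runs over exported Sysmon events (for example from `Get-WinEvent` output converted to JSON); the correlation in `triage` is what separates a RAT installing itself from a legitimate installer that also writes a Run key, because the persisted path and the freshly dropped executable coincide.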

MITRE ATT&CK Enterprise v6