General

  • Target

    fc1125999eec3147ac164d2d5fe082f877e139c27728f81fea25dcb596718d84

  • Size

    732KB

  • Sample

    220609-qg73wscgc2

  • MD5

    a3f0468657e66c72f67b7867b4c03b0f

  • SHA1

    1d7355e2f8020131bca18c4b8e071e4df620c02a

  • SHA256

    fc1125999eec3147ac164d2d5fe082f877e139c27728f81fea25dcb596718d84

  • SHA512

    f57bc731e3db8c5192384fc4190b4695f1e62df21db593a5e57c20b6b812ea034d330940cc6f7aa050ac0520108bf044dfd59e9401bb78b245f7c83101f33b54

Malware Config

Targets

    • Target

      fc1125999eec3147ac164d2d5fe082f877e139c27728f81fea25dcb596718d84


    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks