General

  • Target

    4b4e6ac65aa4105222ad5c80cdf7d42fe2c3535d28546a247ec1985c7a32c844

  • Size

    552KB

  • Sample

    220609-qgm3qagdbn

  • MD5

    ef9f19525e7862fb71175c0bbfe74247

  • SHA1

    d0089e3a0321566ce085e65e79aac5bc42b1ea06

  • SHA256

    4b4e6ac65aa4105222ad5c80cdf7d42fe2c3535d28546a247ec1985c7a32c844

  • SHA512

    57f802f6847dfeb5dd135cc12219adf662dc9ec7ff4cc6d176bff6ee92e4c477a7580282ec349336734918e730e6950da6865ddd1e88fb6045e2b79f7761757a
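The four digests above are the indicators a responder would sweep a host or a quarantine share for. The script below is an added example written for this page (not part of the sandbox output): it computes MD5, SHA-1, SHA-256 and SHA-512 in a single read of each file and reports which algorithms matched, so a partial match (one digest agreeing, another not) is visible instead of being counted as a plain hit. The IOC values are copied from the General section; the directory walk and report format are assumptions of the example.

```python
"""IOC sweep for the sample on this page.

Added example, not part of the sandbox report. SAMPLE_IOCS holds the
digests listed in the report's General section; everything else (the
directory walk, the report format) is the example's own choice.
"""
import hashlib
import os
from pathlib import Path

# Indicators copied from the report's General section.
SAMPLE_IOCS = {
    "md5": "ef9f19525e7862fb71175c0bbfe74247",
    "sha1": "d0089e3a0321566ce085e65e79aac5bc42b1ea06",
    "sha256": "4b4e6ac65aa4105222ad5c80cdf7d42fe2c3535d28546a247ec1985c7a32c844",
    "sha512": "57f802f6847dfeb5dd135cc12219adf662dc9ec7ff4cc6d176bff6ee92e4c477"
              "a7580282ec349336734918e730e6950da6865ddd1e88fb6045e2b79f7761757a",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
CHUNK = 1 << 20  # 1 MiB reads keep memory flat on large files


def multi_hash(path):
    """Return {algorithm: hexdigest} for one file, reading it exactly once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches(digests, iocs=SAMPLE_IOCS):
    """Sorted names of the algorithms whose digest equals the IOC value.

    Any single match is enough to flag a file, but reporting every matching
    algorithm exposes a partial match (e.g. MD5 agreeing while SHA-256 does
    not) instead of silently counting it as a hit.
    """
    return sorted(name for name in ALGORITHMS
                  if digests.get(name) == iocs.get(name, "").lower())


def sweep(root, iocs=SAMPLE_IOCS):
    """Walk `root` and return [(path, [matched algorithms])] for hits only."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                found = matches(multi_hash(path), iocs)
            except OSError:
                continue  # unreadable file (permissions, deleted mid-walk)
            if found:
                hits.append((str(path), found))
    return hits


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algos in sweep(target):
        print(f"MATCH {path} ({', '.join(algos)})")
```

Run it as `python sweep.py <directory>`. Because the report flags "Deletes itself", the original download may already be gone on an infected host; sweep the path named by the added Run key and any dropped-file locations rather than only the directory the sample arrived in.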

Malware Config

Targets

    • Target

      4b4e6ac65aa4105222ad5c80cdf7d42fe2c3535d28546a247ec1985c7a32c844

    • Imminent RAT

      Remote-access trojan (RAT) built on the Imminent Monitor remote-administration software.

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check that stops the payload from running in certain countries.

    • Deletes itself

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.NET commercial obfuscator, which can rename entities (types, methods, fields) and obfuscate control flow, so expect to deobfuscate before static analysis of the .NET assembly.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common step in process hollowing and related injection techniques, where a process is started suspended and its main thread is redirected to injected code.

MITRE ATT&CK Enterprise v6

Tasks