General

  • Target

    fd15068c26f74a47f6a695c76d53553a92d3e729e83b7723f40906ea1c87d37b

  • Size

    641KB

  • Sample

    220609-qhsdtsgdeq

  • MD5

    a7cc22a454d392a89b62d779f5b0c724

  • SHA1

    29f76685bbe7cf3fcfc8a20d8fe6c147559e8269

  • SHA256

    fd15068c26f74a47f6a695c76d53553a92d3e729e83b7723f40906ea1c87d37b

  • SHA512

    01d44612685d287327bb0599b73bdc80da2db18bfc30ceb3ecbf2dd4cadea6db116fe84534d1b0781a32246c5258aeafce78e5dd96dddfc760b2ca23fe496db8

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
