General

  • Target

    399bd1e4de465b964dfb97dc0b11b6600293d22f0176283de181f2172eb4dedc

  • Size

    880KB

  • Sample

    220609-qjdbascgf6

  • MD5

    e2f9aabb2e7969efd71694e749093c8b

  • SHA1

    c3cad4660ccb5a47ee36f73edbd52458cbb0fe08

  • SHA256

    399bd1e4de465b964dfb97dc0b11b6600293d22f0176283de181f2172eb4dedc

  • SHA512

    3267ee395d16b12bb7f734d328e26bebd39e74420478fd38994b99cacdca8734251450f15d535f52075ce71d493df261cd8bc864a0246df6fca63623f0436d0e

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks