General

  • Target

    a8e161de2277a80e3a1bf5ded35cceb210a17fd59fb1b0c02bb9b49a0c04af60

  • Size

    603KB

  • Sample

    220609-qjdbasgdfl

  • MD5

    c654ad00856161108b90c5d0f2afbda1

  • SHA1

    b180d0990c63757cf0f5c28070a1d0621f626647

  • SHA256

    a8e161de2277a80e3a1bf5ded35cceb210a17fd59fb1b0c02bb9b49a0c04af60

  • SHA512

    e7dd4cc76a7898e1a189fccdcd5b75f86eec6e10a5ff709c96a16e8472d28211f75657077b7996c124ada569872e80fb045e21dd63e92c41477f9ad21380b99b

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
