General

  • Target

    6d51c2ebe467adf6852e4a8b6d456ee696f75a970705c2ad692cb1f1e8b31049

  • Size

    605KB

  • Sample

    220609-qjdbasgdfm

  • MD5

    7b69e3aaba970c25b40fad29a564a0cf

  • SHA1

    6af0a8634ef3003ccbc743c7ed8869ec2c560042

  • SHA256

    6d51c2ebe467adf6852e4a8b6d456ee696f75a970705c2ad692cb1f1e8b31049

  • SHA512

    bba40d253de3c19f4c2f890c04d7482b0012f872e1198cc03882ccb08be7c0cdca9bf5b3b6a924e7f2ea337d34ee809fd3c10aa12c15bed036d828dea53e0546

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks