General
-
Target
9fb8f0c2d645870c4b48701a1ef84503b54d203f4cec54ae4bfb30e5f754c2d4
-
Size
747KB
-
Sample
220609-qjdl3acgg2
-
MD5
20c57c5efa39d963d3a1470c5b1e0b36
-
SHA1
f54426d900e40925483ad6a1c1a22fe3864eb709
-
SHA256
9fb8f0c2d645870c4b48701a1ef84503b54d203f4cec54ae4bfb30e5f754c2d4
-
SHA512
bfdb9becb9edcfb369c602587b429c3e6822d6df9d2884f195507c77a753588556b9d54cf07695a1c1949cb0b0f87c4a835c2ebfa22ec74b5182d8c7c2997934
Malware Config
Targets
-
-
Target
9fb8f0c2d645870c4b48701a1ef84503b54d203f4cec54ae4bfb30e5f754c2d4
-
Size
747KB
-
MD5
20c57c5efa39d963d3a1470c5b1e0b36
-
SHA1
f54426d900e40925483ad6a1c1a22fe3864eb709
-
SHA256
9fb8f0c2d645870c4b48701a1ef84503b54d203f4cec54ae4bfb30e5f754c2d4
-
SHA512
bfdb9becb9edcfb369c602587b429c3e6822d6df9d2884f195507c77a753588556b9d54cf07695a1c1949cb0b0f87c4a835c2ebfa22ec74b5182d8c7c2997934
Score10/10-
Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-