General

  • Target

    532856fb0deaa8eae84400f25b6d03359db9a7316af586d94e1bbd82a55f10da

  • Size

    444KB

  • Sample

    220609-qjdl3acgg3

  • MD5

    e9e4ded00a733fdee91ee142436242f4

  • SHA1

    1b8fa1ff498a4f65c0ce778f3a918e4fed6f2728

  • SHA256

    532856fb0deaa8eae84400f25b6d03359db9a7316af586d94e1bbd82a55f10da

  • SHA512

    8e70d47876717c7d1342b7173aef4422175bc6bcdb4ccdbc43e2f2ca01adb0d7d030b739c414cba8c9a08d213e9522f28b893da1ab12ff24a6923acf7561bfe1

Malware Config

Targets

    • Target

      532856fb0deaa8eae84400f25b6d03359db9a7316af586d94e1bbd82a55f10da

    • Size

      444KB

    • MD5

      e9e4ded00a733fdee91ee142436242f4

    • SHA1

      1b8fa1ff498a4f65c0ce778f3a918e4fed6f2728

    • SHA256

      532856fb0deaa8eae84400f25b6d03359db9a7316af586d94e1bbd82a55f10da

    • SHA512

      8e70d47876717c7d1342b7173aef4422175bc6bcdb4ccdbc43e2f2ca01adb0d7d030b739c414cba8c9a08d213e9522f28b893da1ab12ff24a6923acf7561bfe1

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the payload only runs (or refuses to run) in particular countries.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext
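
The signatures above are behavioural, not hash-based: each one fires on a pattern in the sandbox's event trace rather than on a byte sequence in the file. The following is an added example, written for this page and not code from the Triage sandbox, that re-implements the six behavioural signatures as a small stateful evaluator over a constructed event trace. The event schema, the process IDs and paths, and the registry key used for the location check (`Control Panel\International\Geo`, value `Nation`) are assumptions made for the example; real sandbox traces use their own formats.

```python
"""Toy evaluator for the behavioural signatures listed in this report.

Added example (not Triage's own signature code). Event dicts are a
constructed, simplified stand-in for a sandbox API/registry/file trace.
"""
from dataclasses import dataclass, field
import ntpath

# Autostart locations that the "Adds Run key" signature cares about.
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
# Assumption: the geofence check reads the GeoID from this key/value.
GEO_KEY_SUFFIX = r"\control panel\international\geo"
GEO_VALUE_NAME = "nation"


@dataclass
class TraceState:
    dropped: set = field(default_factory=set)   # lower-cased paths the sample wrote
    hits: list = field(default_factory=list)    # signature names, first-seen order

    def hit(self, name):
        if name not in self.hits:
            self.hits.append(name)


def evaluate(events):
    """Return the list of signature names triggered by an ordered event trace."""
    st = TraceState()
    for ev in events:
        kind = ev["kind"]
        if kind == "file_write":
            path = ev["path"].lower()
            st.dropped.add(path)                 # remember drops for later exec/load checks
            if ntpath.basename(path) == "desktop.ini":
                st.hit("Drops desktop.ini file(s)")
        elif kind == "process_create":
            if ev["image"].lower() in st.dropped:
                st.hit("Executes dropped EXE")
        elif kind == "load_library":
            if ev["path"].lower() in st.dropped:
                st.hit("Loads dropped DLL")
        elif kind == "reg_set":
            if ev["key"].lower().endswith(RUN_KEY_SUFFIXES):
                st.hit("Adds Run key to start application")
        elif kind == "reg_query":
            if (ev["key"].lower().endswith(GEO_KEY_SUFFIX)
                    and ev["value"].lower() == GEO_VALUE_NAME):
                st.hit("Checks computer location settings")
        elif kind == "api_call":
            # Cross-process SetThreadContext is the process-hollowing tell;
            # a thread rewriting its own process's context is not flagged.
            if ev["api"] == "SetThreadContext" and ev["target_pid"] != ev["pid"]:
                st.hit("Suspicious use of SetThreadContext")
    return st.hits


# Constructed trace: pid 1234 is the sample, pid 2000 a child it hollows.
SAMPLE_EVENTS = [
    {"kind": "file_write", "pid": 1234, "path": r"C:\Users\Public\svchost_update.exe"},
    {"kind": "file_write", "pid": 1234, "path": r"C:\Users\Public\desktop.ini"},
    {"kind": "file_write", "pid": 1234, "path": r"C:\Users\Public\helper.dll"},
    {"kind": "process_create", "pid": 1234, "image": r"C:\Users\Public\svchost_update.exe",
     "child_pid": 2000},
    {"kind": "process_create", "pid": 1234, "image": r"C:\Windows\System32\cmd.exe",
     "child_pid": 2001},                                   # not a drop: no hit
    {"kind": "load_library", "pid": 2000, "path": r"C:\Users\Public\helper.dll"},
    {"kind": "reg_set", "pid": 1234,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Updater"},
    {"kind": "reg_query", "pid": 1234,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"kind": "api_call", "pid": 2000, "api": "SetThreadContext", "target_pid": 2000},  # self: no hit
    {"kind": "api_call", "pid": 1234, "api": "SetThreadContext", "target_pid": 2000},  # cross-process
]

if __name__ == "__main__":
    for name in evaluate(SAMPLE_EVENTS):
        print("signature:", name)
```

The state carried between events is the important part: "Executes dropped EXE" and "Loads dropped DLL" cannot be decided from a single event, only from a path that was first written by the sample and later executed or mapped. Matching by key suffix rather than full path keeps the Run-key and Geo checks working across `HKCU`, `HKLM` and the native `\REGISTRY\USER\...` spellings that different tracers emit.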

MITRE ATT&CK Enterprise v6

Tasks