Overview

overview

10

Static

static

2519333f67...dd.exe

windows7_x64

10

2519333f67...dd.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2519333f678d3c74ed5716f727b06e7abf19c1f89443f4faf7009f18310b35dd

  • Size

    1.4MB

  • Sample

    220611-yycx3segdl

  • MD5

    694aa9683c3724a4785928fa907347dd

  • SHA1

    fb3d6f38eef23f80b0aa4131a6c7e7748615f57e

  • SHA256

    2519333f678d3c74ed5716f727b06e7abf19c1f89443f4faf7009f18310b35dd

  • SHA512

    533685d04658c23a6ff4c65e65df03775b5ff8b571032b8bbb826515679f0094a1c9d79f81ef7452f68d7c25440216790f95487cdd83858b915b997846559d52

Score
10/10
imminentspywaretrojan

Malware Config

Targets

    • Target

      2519333f678d3c74ed5716f727b06e7abf19c1f89443f4faf7009f18310b35dd

    • Size

      1.4MB

    • MD5

      694aa9683c3724a4785928fa907347dd

    • SHA1

      fb3d6f38eef23f80b0aa4131a6c7e7748615f57e

    • SHA256

      2519333f678d3c74ed5716f727b06e7abf19c1f89443f4faf7009f18310b35dd

    • SHA512

      533685d04658c23a6ff4c65e65df03775b5ff8b571032b8bbb826515679f0094a1c9d79f81ef7452f68d7c25440216790f95487cdd83858b915b997846559d52

    Score
    10/10
    imminentspywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks