Overview

overview

10

Static

static

2068129d42...df.exe

windows7_x64

10

2068129d42...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2068129d42c8f0cb823de524f18d9059366d1b04a60bb30b43d0802d99e478df

  • Size

    398KB

  • Sample

    220612-pvxcwabhdm

  • MD5

    ac6060b00387cfcca3e778ccb4583c49

  • SHA1

    b464662f091a529d1aacc5541ac7434b93a8a90e

  • SHA256

    2068129d42c8f0cb823de524f18d9059366d1b04a60bb30b43d0802d99e478df

  • SHA512

    6ffda94366f3f0ffeba950d2e554f81df120e2d006ca9327cdc69e0baf5a83f42d612c4f0f89db06997faf738be99cd26687cfc1b61829223d759fe175ee66bb

Score
10/10
imminentspywaretrojan

Malware Config

Targets

    • Target

      2068129d42c8f0cb823de524f18d9059366d1b04a60bb30b43d0802d99e478df

    • Size

      398KB

    • MD5

      ac6060b00387cfcca3e778ccb4583c49

    • SHA1

      b464662f091a529d1aacc5541ac7434b93a8a90e

    • SHA256

      2068129d42c8f0cb823de524f18d9059366d1b04a60bb30b43d0802d99e478df

    • SHA512

      6ffda94366f3f0ffeba950d2e554f81df120e2d006ca9327cdc69e0baf5a83f42d612c4f0f89db06997faf738be99cd26687cfc1b61829223d759fe175ee66bb

    Score
    10/10
    imminentspywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks