General

  • Target: 1f4a1144ad086e49a22f267346509461c503ad815a1bcc1210b7803282ddbdb9
  • Size: 808KB
  • Sample: 220612-w2xqjsfbe8
  • MD5: 295336d2300f36222053ac4e75883764
  • SHA1: d1a8b339d466b0b827cf607fd8fdeb7ed1b85295
  • SHA256: 1f4a1144ad086e49a22f267346509461c503ad815a1bcc1210b7803282ddbdb9
  • SHA512: eceb31db79c3c8cec7aef2492f9dcc24ec9a0b6711dea807ac3e30671b26ef2266e8b9e2ffb47c1a4977fb764328ab7571d51e5e218471bb63e1ab337e8a8cdd

Malware Config

Targets


    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks