General

  • Target

    1f2f65ef1c3fb25eb078a61a9e1a3b01bbac9c502294df72b45faaa19687b42d

  • Size

    958KB

  • Sample

    220612-xeag6sfgb5

  • MD5

    f1192a02588dfb2051b7524545a7d0f3

  • SHA1

    0569b1b17c61f8d79d207fd12433689ae386cb4f

  • SHA256

    1f2f65ef1c3fb25eb078a61a9e1a3b01bbac9c502294df72b45faaa19687b42d

  • SHA512

    f25b0ede75346db5c7aa6a68130a1c1661f0135d3fbc7af7ee4e96bbd2c1cde500ef7f480541743df4ef4241bc2b66f4304e2364b6444552857eead13ec173f3

Score
10/10

Malware Config

Targets

    • Target

      1f2f65ef1c3fb25eb078a61a9e1a3b01bbac9c502294df72b45faaa19687b42d


    Score

    10/10

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks