General

  • Target

    8645356d9f3fcbdbda84294d29dbf377eea4893ba884c0d134cd75505a204405

  • Size

    655KB

  • Sample

    220701-f27bzsfee2

  • MD5

    2ab8e07333108029f754bdc92030b073

  • SHA1

    a7dd4f9d53a10b3caa0b7b5ef7cf005060c14f00

  • SHA256

    8645356d9f3fcbdbda84294d29dbf377eea4893ba884c0d134cd75505a204405

  • SHA512

    a2709774fc4b8d307bcff51d4dc382c03e189d8568f2d5737583e2370597c7404f11f2e4f34c7289b6521acb32d0391cd82008ea3137e8f02864045afa49e265

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks