General

  • Target

    3b7fc8611a9f65e9ab82a1b5fb02ea59c6c7da37e80b209d49b9756fd5756d5f

  • Size

    880KB

  • Sample

    220703-tq5wnsgccl

  • MD5

    2adfba3ba976cef8b07500644687b193

  • SHA1

    eafc72d2c8f4964a0fb4da3678fbe20dad41fa0b

  • SHA256

    3b7fc8611a9f65e9ab82a1b5fb02ea59c6c7da37e80b209d49b9756fd5756d5f

  • SHA512

    bf157cdefe145f664aab99ab51fc8df31b69b32f36c989961871487656324bba358dc4b8832b80e39ce81ac343abae20024244d6291960632320506f45be634f

Malware Config

Targets

    • Target

      3b7fc8611a9f65e9ab82a1b5fb02ea59c6c7da37e80b209d49b9756fd5756d5f

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the payload only runs (or refuses to run) in particular countries.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the payload is relaunched at logon (persistence).

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is one step of process hollowing (start a process suspended, overwrite its image, point the thread at the injected code, resume); the call is only meaningful together with that sequence, so check the trace for it rather than treating the API alone as malicious.
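The signatures above are behaviour rules that a sandbox evaluates against the hooked API trace of the sample. As an added illustration (not Triage's signature engine and not code from the sample), the following Python maps a constructed API-call trace to the four behaviour names in this report. The trace line format, the `= 0x..` handle-return notation, the registry value names treated as location settings, and the sample paths are all assumptions made for the example.

```python
"""Map a hooked Win32 API trace to the behaviour signatures in the report.

Added example, not Triage's rules. Assumed trace format, one call per line:
    <pid> <API>(<arg>, <arg>, ...)[ = <returned handle>]
"""
import re
from collections import defaultdict

# Constructed sample trace (not from the report). Paths and handles are invented.
TRACE = r"""
1234 RegOpenKeyExW(HKEY_CURRENT_USER, "Control Panel\International") = 0x2c
1234 RegQueryValueExW(0x2c, "LocaleName")
1234 RegQueryValueExW(0x2c, "sCountry")
1234 CreateFileW("C:\Users\victim\AppData\Roaming\client\desktop.ini", GENERIC_WRITE)
1234 RegOpenKeyExW(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Run") = 0x30
1234 RegSetValueExW(0x30, "client", REG_SZ, "C:\Users\victim\AppData\Roaming\client\client.exe")
1234 CreateProcessW("C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", CREATE_SUSPENDED)
1234 GetThreadContext(0x44)
1234 WriteProcessMemory(0x40, 0x400000, 0x1a000)
1234 SetThreadContext(0x44)
1234 ResumeThread(0x44)
"""

LINE_RE = re.compile(r'^(\d+)\s+(\w+)\((.*)\)(?:\s*=\s*(0x[0-9a-fA-F]+))?$')
# Registry values that reveal the configured country/locale (assumption: a
# reasonable set, not the exact list the sandbox uses).
COUNTRY_VALUES = {"scountry", "icountry", "localename", "nation", "geoid"}
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.IGNORECASE)


def parse_line(line):
    """Return (pid, api, [args], returned_handle_or_None) or None if not a call."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pid, api, args, ret = m.groups()
    # The constructed trace has no commas inside quoted strings, so a plain split is enough.
    argv = [a.strip().strip('"') for a in args.split(",")] if args else []
    return int(pid), api, argv, ret


def triage(trace):
    """Return {signature name: [(pid, evidence line), ...]} for every rule that fires."""
    hits = defaultdict(list)
    handles = {}               # (pid, handle) -> registry path opened with that handle
    state = defaultdict(set)   # pid -> hollowing steps observed so far
    for raw in trace.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        pid, api, argv, ret = parsed
        ev = raw.strip()
        if api == "RegOpenKeyExW" and ret:
            handles[(pid, ret)] = argv[0] + "\\" + argv[1]
        elif api == "RegQueryValueExW":
            # Reading a country/locale value: "Checks computer location settings"
            if len(argv) > 1 and argv[1].lower() in COUNTRY_VALUES:
                hits["Checks computer location settings"].append((pid, ev))
        elif api == "RegSetValueExW":
            # Correlate the handle back to the key path; a write under ...\Run is persistence
            if RUN_KEY_RE.search(handles.get((pid, argv[0]), "")):
                hits["Adds Run key to start application"].append((pid, ev))
        elif api == "CreateFileW":
            if argv[0].lower().endswith("\\desktop.ini") and "GENERIC_WRITE" in argv[1:]:
                hits["Drops desktop.ini file(s)"].append((pid, ev))
        elif api == "CreateProcessW" and "CREATE_SUSPENDED" in argv:
            state[pid].add("suspended")
        elif api == "WriteProcessMemory" and "suspended" in state[pid]:
            state[pid].add("written")
        elif api == "SetThreadContext" and "written" in state[pid]:
            # Only flag SetThreadContext as part of the hollowing sequence, not on its own
            hits["Suspicious use of SetThreadContext"].append((pid, ev))
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in triage(TRACE).items():
        print(name)
        for pid, line in evidence:
            print(f"    pid {pid}: {line}")
```

`SetThreadContext` is deliberately gated on an earlier suspended `CreateProcessW` and `WriteProcessMemory` from the same process, which is the caveat the signature list implies: the API is benign in isolation and suspicious in that sequence.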

MITRE ATT&CK Enterprise v6

Tasks