General

  • Target

    46af351d0685f27032ecfb403db30cbf3a866422426255ed9180210846c7d095

  • Size

    475KB

  • Sample

    220707-jwj62sfheq

  • MD5

    16d748352329dd9038fd1d562be4e56e

  • SHA1

    f66fb78ebe6a1f0314d82c7b2e59e4d2932e21b3

  • SHA256

    46af351d0685f27032ecfb403db30cbf3a866422426255ed9180210846c7d095

  • SHA512

    104f981bc02d9ea7893bd6910497c8c7fb18d618c6a786c6c470472b2f7584fad4b5adceb2c83ae87def8f7e63bb4b11a1027aa66be1d887171d2a2f57c4b64a

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks