Overview

overview

10

Static

static

4d823e5e6f...56.exe

windows7_x64

10

4d823e5e6f...56.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d823e5e6f2c1cbc25cf8c8c601d90f393e9d97da807b208f8afd0bed6e1cb56

  • Size

    727KB

  • Sample

    220712-dae3baach5

  • MD5

    e3760fd9c58c8a0db6f3e56726cb870a

  • SHA1

    4abb50e2126c6c001a715f2cb5b365c72a89fe76

  • SHA256

    4d823e5e6f2c1cbc25cf8c8c601d90f393e9d97da807b208f8afd0bed6e1cb56

  • SHA512

    ab39a5953f9bf6292140256cd91028ec2538f4d07cad979c5bdb43a6a1b0c95ef5fc0a16dac7f0ab27bb983765b004e54fe9742c9e295aa5853b6f961960771b

Score
10/10
imminentpersistencespywaretrojan

Malware Config

Targets

    • Target

      4d823e5e6f2c1cbc25cf8c8c601d90f393e9d97da807b208f8afd0bed6e1cb56

    • Size

      727KB

    • MD5

      e3760fd9c58c8a0db6f3e56726cb870a

    • SHA1

      4abb50e2126c6c001a715f2cb5b365c72a89fe76

    • SHA256

      4d823e5e6f2c1cbc25cf8c8c601d90f393e9d97da807b208f8afd0bed6e1cb56

    • SHA512

      ab39a5953f9bf6292140256cd91028ec2538f4d07cad979c5bdb43a6a1b0c95ef5fc0a16dac7f0ab27bb983765b004e54fe9742c9e295aa5853b6f961960771b

    Score
    10/10
    imminentpersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks