General

  • Target

    4ab258871e20f9249533c808727fa8b6520bc56424a88a40f5e689cba4e6f706

  • Size

    649KB

  • Sample

    220712-pmah5scge2

  • MD5

    ea8c8008dc1f3f4025baec1d16495917

  • SHA1

    145c3e9890d665a5a98a32935e6e50e81885c5a8

  • SHA256

    4ab258871e20f9249533c808727fa8b6520bc56424a88a40f5e689cba4e6f706

  • SHA512

    ce94265ed85e11ddad87e6b0bbeb69cf275087e03775fcd4acaca751b454797a07b243cf3485fe7180281289b5a73aeafe088417d3fa376c141b61fb8433f4f3

Score
10/10

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks