General

  • Target

    490eb76d8c614a6a4b6a463f3898b752001d330e5ef4a8b69756570260f25ebd

  • Size

    320KB

  • Sample

    220714-bc4scahge3

  • MD5

    c9d745c1b0fbdc39e61af869ba5b9c6e

  • SHA1

    84230dd47a0ae5cdbf4d91599872e6b5aaeb3aff

  • SHA256

    490eb76d8c614a6a4b6a463f3898b752001d330e5ef4a8b69756570260f25ebd

  • SHA512

    24b236e4d69a134a40a15bb0f595bdd122ab1063fdf9272653249085b8710d16a98baf89988ea33d7a97758a0d586607b612215e240902ceeb0692e10397fe80

Score
10/10

Targets

    Score
    10/10
    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Drops desktop.ini file(s)
