General

  • Target

    4dd152386109c14fc4bbee1e91f26e55263373c27b2ef89b5914cc087b00a8ea

  • Size

    582KB

  • Sample

    220720-ydbjhshdgj

  • MD5

    b3a024c846610229a6f30e71437d4c20

  • SHA1

    611a1023aa4c921d02ab0a1222fbb3bfc9c6bae2

  • SHA256

    4dd152386109c14fc4bbee1e91f26e55263373c27b2ef89b5914cc087b00a8ea

  • SHA512

    3a7da88358adf1004c35def812432b734d1b8ebba967efebf8ca6c107ae7492849baceb7064cc880ede4abd412ad52f08f0a9ab0464aa9898775d59fa1c9706c

Score
10/10

Malware Config

Targets

  • Imminent RAT

    Remote-access trojan based on the Imminent Monitor remote admin software.

  • Executes dropped EXE

  • Checks computer location settings

    Looks up the country code configured in the registry, likely a geofence.

  • Drops startup file

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks