General

  • Target

    58684c12f0caf644e309ac3d6e6c5df5aeba4587f3df79cb1ebb80478891a12d

  • Size

    323KB

  • Sample

    220724-rwwtvaffg4

  • MD5

    58291fe36f1e9ef90cf028e9a4c7a5eb

  • SHA1

    f44877c367764185148c316100bb3cfb1214b1c6

  • SHA256

    58684c12f0caf644e309ac3d6e6c5df5aeba4587f3df79cb1ebb80478891a12d

  • SHA512

    61b9c9a1f4217d962543fc6bc7a602bfd9244cf9474b70a04c5690859b96cf1762c78113f4d85aba7675b36ce0cff817ac7a1ad29cc18e2fcceefdcd05f39774

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
