General

  • Target

    d1b958353020c2d0f1f6dfda38d088a137d83715c41ae056def611eb59b1f8e3

  • Size

    646KB

  • Sample

    220724-zq7yxsgah6

  • MD5

    e58a489c64c2ef3645750a6f32cdb33b

  • SHA1

    795e1300ddf9e19c1081f56858e193f6a523a724

  • SHA256

    d1b958353020c2d0f1f6dfda38d088a137d83715c41ae056def611eb59b1f8e3

  • SHA512

    5a57321cbc1fa268e8db8fa5295a900abbc55d5f95d7a2eef9d40ccc0e84be79c02013de86b83d42c1dd1a52208cbc8fec2d32455917b70ca389a9aca8183970

Score
10/10

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on the Imminent Monitor remote administration software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks