General

  • Target

    7249ca26058758465845ed038fe455193dbe5a4032ab7bc25a7abe3e8094485f

  • Size

    756KB

  • Sample

    220725-ebk6dsdefp

  • MD5

    eecb1dd95cc48c5aa0039f4c4082e32b

  • SHA1

    7d5bfe1034d21123cd1c20cfba3807820ce38bd7

  • SHA256

    7249ca26058758465845ed038fe455193dbe5a4032ab7bc25a7abe3e8094485f

  • SHA512

    c382f856a950403a31151521ad7c0c25d7ce3ecd91f133014d4b6e2f8ee270b94c5c6521cf02db6bce1719a373306d1f1f2f48895cb9ed99c203ff0d989285f1

Score
10/10
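The hashes above are the report's identifiers for the sample. The following is an added example (not part of the report or of the sandbox's own tooling) showing how a practitioner would verify that a file pulled from a feed is this sample: all four digests are computed in a single pass, SHA-256 is treated as authoritative, and partial agreement (e.g. MD5 matches but SHA-256 does not) is reported as inconsistent rather than as a match. The `REPORT_IOCS` values are copied from the General block; the function and variable names are this example's own.

```python
import hashlib
import io
import sys

# Identifiers copied from the "General" block of this report.
# The report's "756KB" is rounded, so size is recorded but never used to identify.
REPORT_IOCS = {
    "md5": "eecb1dd95cc48c5aa0039f4c4082e32b",
    "sha1": "7d5bfe1034d21123cd1c20cfba3807820ce38bd7",
    "sha256": "7249ca26058758465845ed038fe455193dbe5a4032ab7bc25a7abe3e8094485f",
    "sha512": "c382f856a950403a31151521ad7c0c25d7ce3ecd91f133014d4b6e2f8ee270b9"
              "4c5c6521cf02db6bce1719a373306d1f1f2f48895cb9ed99c203ff0d989285f1",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(stream, chunk_size=1 << 16):
    """Hash a binary stream with all four algorithms in one pass.

    Returns {"md5": ..., "sha1": ..., "sha256": ..., "sha512": ..., "size": n}.
    A single pass avoids re-reading large samples or slow storage four times.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["size"] = size
    return digests


def digest_bytes(data):
    """Convenience wrapper for in-memory data (used by the tests below)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def compare_with_report(digests, report=REPORT_IOCS):
    """Compare computed digests with the report's identifiers.

    verdict is one of:
      "same file"      - every algorithm agrees
      "different file" - no algorithm agrees
      "inconsistent"   - some agree and some do not; the same bytes cannot do
                         this, so it indicates a transcription error in the
                         report or a deliberate collision on the weaker hash.
                         Never accept an MD5/SHA-1-only match as confirmation.
    """
    matched = sorted(n for n in ALGORITHMS if digests[n] == report[n].lower())
    mismatched = sorted(n for n in ALGORITHMS if digests[n] != report[n].lower())
    if not mismatched:
        verdict = "same file"
    elif matched:
        verdict = "inconsistent"
    else:
        verdict = "different file"
    return {"verdict": verdict, "matched": matched, "mismatched": mismatched,
            "size": digests["size"]}


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-file>
    result = compare_with_report(digest_file(sys.argv[1]))
    print(result)
```

When the verdict is "same file", the SHA-256 alone is what to record and share; MD5 and SHA-1 are kept only to cross-reference older feeds that still key on them.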

Malware Config

Targets

    • Target

      7249ca26058758465845ed038fe455193dbe5a4032ab7bc25a7abe3e8094485f

    • Size

      756KB

    • MD5

      eecb1dd95cc48c5aa0039f4c4082e32b

    • SHA1

      7d5bfe1034d21123cd1c20cfba3807820ce38bd7

    • SHA256

      7249ca26058758465845ed038fe455193dbe5a4032ab7bc25a7abe3e8094485f

    • SHA512

      c382f856a950403a31151521ad7c0c25d7ce3ecd91f133014d4b6e2f8ee270b94c5c6521cf02db6bce1719a373306d1f1f2f48895cb9ed99c203ff0d989285f1

    Score
    10/10
    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check so the payload runs only in (or outside) chosen countries.

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
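The five signatures above are behavioural: each one is a rule over the API, file, registry and process events the sandbox recorded. The following is an added example, not the sandbox's own rule engine, of how such rules can be evaluated over an event trace. The event trace (`SAMPLE_EVENTS`) is constructed for illustration and is not the trace of this sample; the event schema, the function name and the rule thresholds are this example's own. It assumes that "Checks computer location settings" corresponds to a read of the per-user `Control Panel\International\Geo` `Nation` value, and that "Suspicious use of SetThreadContext" means a call targeting a thread in another process (the classic hollowing pattern).

```python
# Constructed event trace (NOT from the sandbox run above). It models the
# behaviours the five signatures describe: a geo lookup, two dropped files,
# a dropped file in the Startup folder, execution of a dropped EXE, loading of
# a dropped DLL, and SetThreadContext against another process.
SAMPLE_EVENTS = [
    {"op": "reg_read", "pid": 100,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"op": "file_write", "pid": 100,
     "path": r"C:\Users\user\AppData\Roaming\svchost32.exe"},
    {"op": "file_write", "pid": 100,
     "path": r"C:\Users\user\AppData\Roaming\helper.dll"},
    {"op": "file_write", "pid": 100,
     "path": r"C:\Users\user\AppData\Roaming\Microsoft\Windows"
             r"\Start Menu\Programs\Startup\update.lnk"},
    {"op": "process_create", "pid": 100, "child_pid": 200,
     "image": r"C:\Users\user\AppData\Roaming\svchost32.exe"},
    {"op": "dll_load", "pid": 200,
     "path": r"C:\Users\user\AppData\Roaming\helper.dll"},
    {"op": "api", "pid": 200, "name": "SetThreadContext", "target_pid": 300},
]

# Case-insensitive path fragment for the per-user Startup folder.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
# Assumption: the location check reads the Geo\Nation value (configured
# country code) under Control Panel\International.
GEO_KEY_SUFFIX = r"\control panel\international\geo"


def evaluate_signatures(events):
    """Return the sorted list of signature names triggered by an event trace.

    'dropped' tracks every path the traced processes wrote, so that later
    process creation or DLL loading of that path counts as use of a dropped
    file rather than of something already on disk.
    """
    hits = set()
    dropped = set()
    for ev in events:
        op = ev["op"]
        if op == "file_write":
            path = ev["path"].lower()
            dropped.add(path)
            if STARTUP_MARKER in path:
                hits.add("Drops startup file")
        elif op == "process_create":
            if ev["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif op == "dll_load":
            if ev["path"].lower() in dropped:
                hits.add("Loads dropped DLL")
        elif op == "reg_read":
            key = ev["key"].lower()
            if key.endswith(GEO_KEY_SUFFIX) and ev.get("value", "").lower() == "nation":
                hits.add("Checks computer location settings")
        elif op == "api":
            # Only a cross-process SetThreadContext is flagged: that is the
            # hollowing/injection pattern, whereas in-process use is common
            # in debuggers and runtimes.
            if ev["name"] == "SetThreadContext" and ev.get("target_pid") != ev["pid"]:
                hits.add("Suspicious use of SetThreadContext")
    return sorted(hits)


if __name__ == "__main__":
    for name in evaluate_signatures(SAMPLE_EVENTS):
        print("-", name)
```

The ordering of the rules matters: file writes must be recorded before the matching process creation or DLL load, which is why the trace is processed in event order rather than as a set.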

MITRE ATT&CK Enterprise v6

Tasks