General

  • Target

    ef399fead4a7158e1df3c8545e7db50abcf38da47e381351523fa01c2f6b8bd2

  • Size

    1.4MB

  • Sample

    221001-26qqpacfar

  • MD5

    7ce5f7a405d6b2cb65226f9a471dc690

  • SHA1

    d2ff0b3f6288da4b0fb3f31085df7d2eb34ba524

  • SHA256

    ef399fead4a7158e1df3c8545e7db50abcf38da47e381351523fa01c2f6b8bd2

  • SHA512

    97d71eb030df7ede2c4683117d7fc2fbf9831c6a166ca8e69c4037a739b8220454e6ca752061fe9f629a22586d1066be3f986b5dd97b2f8358a09bbda7d3128a

  • SSDEEP

    24576:dtb20pkACqT5TBWgNQ7a0I1VP+oB8pRIlYWtB5aOsZ6A:Org5tQ7aBTPMIlY2b45

Malware Config

Targets

    • Target

      ef399fead4a7158e1df3c8545e7db50abcf38da47e381351523fa01c2f6b8bd2

    • Size

      1.4MB

    • MD5

      7ce5f7a405d6b2cb65226f9a471dc690

    • SHA1

      d2ff0b3f6288da4b0fb3f31085df7d2eb34ba524

    • SHA256

      ef399fead4a7158e1df3c8545e7db50abcf38da47e381351523fa01c2f6b8bd2

    • SHA512

      97d71eb030df7ede2c4683117d7fc2fbf9831c6a166ca8e69c4037a739b8220454e6ca752061fe9f629a22586d1066be3f986b5dd97b2f8358a09bbda7d3128a

    • SSDEEP

      24576:dtb20pkACqT5TBWgNQ7a0I1VP+oB8pRIlYWtB5aOsZ6A:Org5tQ7aBTPMIlY2b45

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Modifies WinLogon for persistence

      Changes the Winlogon configuration under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (typically the Userinit or Shell value) so the payload is started at every logon. Compare the current values against the stock defaults before trusting a host that ran this sample.

    • Drops desktop.ini file(s)

      Weak evidence on its own: Windows itself and many installers write desktop.ini, so read this alongside the other signatures rather than as an indicator by itself.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is the step that redirects execution in process hollowing and related injection techniques; expect the unpacked payload in the memory of the target process rather than in the file on disk.
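
The following is an added example for checking the Winlogon persistence location named above; it is not code from the report or from the sandbox. It parses the text output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"` and flags any Userinit or Shell entry that differs from the stock values. Assumptions: SystemRoot is C:\Windows (adjustable via the system_root parameter), the stock values are `C:\Windows\system32\userinit.exe,` and `explorer.exe`, and the reg query dump below is constructed for illustration, not taken from the analysed sample.

```python
"""Added example: flag non-default Winlogon Userinit/Shell values.

Parses `reg query` text output for the Winlogon key and compares the values
that logon-persistence malware edits against the stock defaults.
"""
from __future__ import annotations

import re

# Stock values on a default Windows install (assumption: SystemRoot is C:\Windows).
STOCK_SHELL = "explorer.exe"

# One value line of `reg query` output looks like: "    Name    REG_SZ    data"
_VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s+(.*?)\s*$")

# Constructed sample of `reg query` output with a second Userinit entry added
# by an attacker. Not real data from the analysed sample.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoRestartShell    REG_DWORD    0x1
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,C:\Users\Public\Libraries\update.exe,
    VMApplet    REG_SZ    SystemPropertiesPerformance.exe /pagefile
"""


def parse_reg_query(text: str) -> dict[str, str]:
    """Return {value_name: data} for the string values of a reg query dump."""
    values: dict[str, str] = {}
    for line in text.splitlines():
        m = _VALUE_LINE.match(line)
        if m and m.group(2) in ("REG_SZ", "REG_EXPAND_SZ"):
            values[m.group(1)] = m.group(3)
    return values


def _entries(data: str, system_root: str) -> list[str]:
    """Split a comma-separated Winlogon value into lower-cased, unquoted entries.

    The stock Userinit value ends in a trailing comma, so empty items are dropped,
    and %SystemRoot% is expanded so spelled-out and variable forms compare equal.
    """
    out: list[str] = []
    for item in data.lower().split(","):
        item = item.strip().strip('"').replace("%systemroot%", system_root.lower())
        if item:
            out.append(item)
    return out


def check_winlogon(values: dict[str, str], system_root: str = r"C:\Windows") -> list[str]:
    """Return one finding per Userinit/Shell entry that is not the stock value."""
    stock = {
        "Userinit": (system_root + r"\system32\userinit.exe").lower(),
        "Shell": STOCK_SHELL,
    }
    findings: list[str] = []
    for name, expected in stock.items():
        if name not in values:
            continue
        for entry in _entries(values[name], system_root):
            # Any extra entry, or a replaced one, is how Winlogon persistence works.
            if entry != expected:
                findings.append(f"{name}: non-default entry {entry!r}")
    return findings


if __name__ == "__main__":
    for finding in check_winlogon(parse_reg_query(SAMPLE_REG_QUERY)):
        print(finding)
```

A non-default Shell value is not always malicious (kiosk and custom-shell deployments set it deliberately), so treat each finding as a review item rather than an automatic verdict; an extra Userinit entry, as in the constructed sample, is the pattern worth escalating.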

MITRE ATT&CK Enterprise v6

Tasks