General

  • Target

    c727a0856eb82a40b891d09f262817eb4cd61fe116d9e4337cfef420b2864cab

  • Size

    354KB

  • Sample

    221003-a2fldahda8

  • MD5

    6742b8f2ce2a31ea67be7a05b27a7450

  • SHA1

    ea8db160fa12648a1b1819c82c2db25205f51c84

  • SHA256

    c727a0856eb82a40b891d09f262817eb4cd61fe116d9e4337cfef420b2864cab

  • SHA512

    8cdab5ad6991187cceb1201d4c762aea5ac4dcaaa2ed90d24a07bcb90edb141d5c6c26f4a783cc7a795f6f8d2b81db45175c2e836585e57d9369be6f8e6fff3a

  • SSDEEP

    3072:owi51kpjgUdkY8NvGKISQ69TKDWVmXKi+rnd2q4HXEcKCDEakrraOmU84qAUJbXO:EopjgUqY8MSkWVdQDjgToNNvDROyEbZ

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)
