General

  • Target

    56a811fd6dffbdc6ea4fd497fbb2d3db0d47045deba2d235d6fe13c3cd73faea

  • Size

    1.2MB

  • Sample

    221019-s75rkaefej

  • MD5

    a18dcc398139154de6b694db84b46a20

  • SHA1

    c75bea6cad85a87e42c2b4e6e3e756bdc78e15b5

  • SHA256

    56a811fd6dffbdc6ea4fd497fbb2d3db0d47045deba2d235d6fe13c3cd73faea

  • SHA512

    a3617cdfc1573addecd06628ba210265203aa6213565cc6dc7b655fc186b9a24bffb20c9b600c5db5701375aaa7f1c6e67659c3f33e28ec837a0c10a6dab1fdf

  • SSDEEP

    24576:3tb20pkaCqT5TBWgNQ7aLoc2Zwkw2Id1gq3JA36A:0Vg5tQ7aLoc2FFId1gq3JG5

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
