General

  • Target

    b06b1b63f2c5bf8b006a1fddb047fcce497c3f88b567c0a482654a5311d14318

  • Size

    360KB

  • Sample

    221020-zy8kesegg2

  • MD5

    a0395a0ccb533b872fd9e9a63c430520

  • SHA1

    09476da68986c048f1851bcddc436fb9c0d11e65

  • SHA256

    b06b1b63f2c5bf8b006a1fddb047fcce497c3f88b567c0a482654a5311d14318

  • SHA512

    cb141e0665c337ddd553ab3f8cc3e14e5f1d4a89958709aa4c130a5875bfefa0aa73563281c54a6d23acabefb0a63fb30dd5ff354a109d1348eba6b5aaec0dc3

  • SSDEEP

    6144:+n+wXnY+ekpe677x86YHSIUQhtTjc6CDas9PtpxQqZ+JMOtg4aWssII8y:+rekUExQzht/cCs1xQKOkRs0y

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks