General

  • Target

    cb042a1253d6619982a9d42cf4a868282079974731caf8b2f4f505f8ae1debd1

  • Size

    1.3MB

  • Sample

    221024-fr128aeee8

  • MD5

    2a607eba4bbfb6949aaf351214f7d16b

  • SHA1

    d86492429d95fd755c70e555b7ea15f37ca474d9

  • SHA256

    cb042a1253d6619982a9d42cf4a868282079974731caf8b2f4f505f8ae1debd1

  • SHA512

    91c93253de70ca91f5f8237eed9dbce8c745b79000b8493cf48a2a5e0c808fb20777a8471a7040579cacb7b10824ab94ac3742c3ea209369c94a527d5121ef29

  • SSDEEP

    24576:n9o3/jRzTSc8L7ZfD6rEPMD4snmJzSQdwo/z7jpNsVCMue5F5vNVbQj2IrX++:n+Sd7lDtPM+zSuf/rpqI0TbIP

Malware Config

Targets

    • Target

      pic2347.exe

    • Size

      1.5MB

    • MD5

      76c50fc59cf9443401dcba88de75eee7

    • SHA1

      bd0cffd8034d9c75fc79af972d291001cf141ebf

    • SHA256

      5b0d2f2a32ec566a150f0a016d4bcbc853a6324a22ff7367212226d1d4534a98

    • SHA512

      0152875aaac2d56f7ad9f93db8c6b37979884b72487fe9e59ef5b1c362f8a9b03871a3ce301d04da2508c72f886ac0c6f6abbdccc53c2d0bea8fb255520c1ada

    • SSDEEP

      24576:eagVgYh/PhQnxk/7J0vpkoG854t3h0VwraXL8i1OwdtnBX4z2G3hLQhS:DgVgYh/PhQxk/7J0h28C0VpX4Tw62ehL

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
