Overview

overview

10

Static

static

49ce1d96e7...e0.exe

windows7-x64

10

49ce1d96e7...e0.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    49ce1d96e7fdc16cbc811ccb1f2b9e9ef5707ec197aba27c0b2470f01d8cd7e0

  • Size

    668KB

  • Sample

    221029-bt9pxsfba8

  • MD5

    888a77b6e9bd69eb9d8aa7f881f68c71

  • SHA1

    0d6089d04f9aa0d971332b1eb84657edea710b00

  • SHA256

    49ce1d96e7fdc16cbc811ccb1f2b9e9ef5707ec197aba27c0b2470f01d8cd7e0

  • SHA512

    e7d465fd9a41ac9516ff1174590b9f2ae76c43229f144f14329e4349e9c7e7d4a27fe2052a01b9e40b16cb78bfdad967ffe7815a8610595e8789bea672f5499e

  • SSDEEP

    12288:K8J1tecQ4+ZIev77cqIBYVGada0lxWh74no4U2B:KeXf+Kej7cqp4uU74no12

Score
10/10
imminentpersistencespywaretrojan

Malware Config

Targets

    • Target

      49ce1d96e7fdc16cbc811ccb1f2b9e9ef5707ec197aba27c0b2470f01d8cd7e0

    • Size

      668KB

    • MD5

      888a77b6e9bd69eb9d8aa7f881f68c71

    • SHA1

      0d6089d04f9aa0d971332b1eb84657edea710b00

    • SHA256

      49ce1d96e7fdc16cbc811ccb1f2b9e9ef5707ec197aba27c0b2470f01d8cd7e0

    • SHA512

      e7d465fd9a41ac9516ff1174590b9f2ae76c43229f144f14329e4349e9c7e7d4a27fe2052a01b9e40b16cb78bfdad967ffe7815a8610595e8789bea672f5499e

    • SSDEEP

      12288:K8J1tecQ4+ZIev77cqIBYVGada0lxWh74no4U2B:KeXf+Kej7cqp4uU74no12

    Score
    10/10
    imminentpersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks