General

  • Target

    1285e6795ba5bfce053f06ef0294d905b8232a49949f6d5e0f54767b0aa3c7df

  • Size

    1.8MB

  • Sample

    221029-l2zj2acder

  • MD5

    ea782275c1bb27082a299dc3cf210dde

  • SHA1

    3e1237d9965a5fce404154cd3a8583da6a3312a4

  • SHA256

    1285e6795ba5bfce053f06ef0294d905b8232a49949f6d5e0f54767b0aa3c7df

  • SHA512

    4a19dd7de63fd17df99a7552d206d5eb4a0d3a12ebe79cf24c580ca88ed4e9c18e3fdb795154899becba4e87ac85b9952493d6326e6ef66f86004f0c0883c244

  • SSDEEP

    49152:PKxsFoq3ZDUcvA0YzmPfndN4HKcw0aUBT2N:P8sRJJYzm3f4HQEBT

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks