General

  • Target

    e481d4881a3189a1f38ed1a1d5de98c177004f94896c1780f0c5dbf3d6675f4e

  • Size

    288KB

  • Sample

    221029-r3eh5sbhfj

  • MD5

    e8b9822f038f6493b75f7406c3d9c034

  • SHA1

    64dec7efb1ac73a3fc8070f8f8cc4f643bc1ac7a

  • SHA256

    e481d4881a3189a1f38ed1a1d5de98c177004f94896c1780f0c5dbf3d6675f4e

  • SHA512

    948c132dcff502b817a85a8115893197c086d5ced73dbeec12e95f4fb60888694cd5172b2ebb341608070d81aaf1926861290a9329150363a170c2f512502171

  • SSDEEP

    6144:whwxaxI9sBV1wbDmi5KblR0QJJuhDu5qcCvKhVVncAX1L:wyxXK1Ymi5sR0MqqLCvs6A

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks