General

  • Target

    a803afe93e3bd05372453458b16b107373804eb9c620eef062e5d099d80c4f4a

  • Size

    475KB

  • Sample

    221029-sczbascdam

  • MD5

    4473bc09f2f358973b05ab262aa80650

  • SHA1

    1fcb71d2f5a3d8ac397827b1db17a9a24a0fac73

  • SHA256

    a803afe93e3bd05372453458b16b107373804eb9c620eef062e5d099d80c4f4a

  • SHA512

    b535af19233cf9553d08f1830959b6773dc3191865def29b5d814ae31831bc9da86d168d2b5459664aacea33945cdf53e8f192b8d7c7078df54962b2791e015f

  • SSDEEP

    6144:HjmQ2sdoE4duLm3P2g5KYuxvWJH5ogtpLAKXDU89ZEs9UctljtdduYWfYXPLtMp:HjmQ2vSLy2NVwZogLLDB5UIjdnH

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)
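The "Checks computer location settings" and "Adds Run key to start application" signatures above are registry behaviours, so they can be reproduced as rules over a sandbox's registry-event stream. The following is an added example, not code from the report or from the sandbox that produced it. It assumes a pipe-delimited event format (`pid|operation|key|value_name|data`) that is an invention for this example, and the sample events are constructed; the key paths are the real ones (`Control Panel\International\Geo\Nation` holds the user's GeoID, `244` being the United States, and `Software\Microsoft\Windows\CurrentVersion\Run` is the per-user autostart key). The rules generalise slightly beyond the report by also matching `RunOnce` and the `Geo\Name` value.

```python
import re
from collections import defaultdict

# Constructed sandbox-style registry events, NOT taken from the report.
# Format (invented for this example): pid|operation|key|value_name|data
SAMPLE_EVENTS = [
    r"1234|RegQueryValue|HKCU\Control Panel\International\Geo\Nation||244",
    r"1234|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion|ProductName|Windows 10 Pro",
    r"1234|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WindowsUpdate|C:\Users\Public\svchost.exe",
    r"4321|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders|Desktop|C:\Users\u\Desktop",
]

# signature name -> (operations it fires on, regex anchored on the end of the key path)
RULES = {
    "Checks computer location settings": (
        {"RegQueryValue", "RegOpenKey"},
        # GeoID (Nation) or ISO name (Name) of the configured region; a geofence reads one of these
        re.compile(r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.I),
    ),
    "Adds Run key to start application": (
        {"RegSetValue", "RegCreateKey"},
        # a write under Run/RunOnce is the classic per-user autostart persistence
        re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I),
    ),
}


def parse_event(line):
    """Split one event line into its fields; reject lines that do not have all five."""
    parts = line.split("|", 4)
    if len(parts) != 5:
        raise ValueError(f"malformed event: {line!r}")
    pid, op, key, value_name, data = parts
    return {"pid": int(pid), "op": op, "key": key, "value": value_name, "data": data}


def triage(lines):
    """Return {signature_name: [matching event dicts]} for every rule that fired."""
    hits = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        for name, (ops, key_re) in RULES.items():
            if ev["op"] in ops and key_re.search(ev["key"]):
                hits[name].append(ev)
    return dict(hits)


if __name__ == "__main__":
    for sig, evs in triage(SAMPLE_EVENTS).items():
        for ev in evs:
            print(f"[{sig}] pid={ev['pid']} {ev['op']} {ev['key']} {ev['value']}={ev['data']}")
```

Only the Geo lookup and the Run-key write are flagged; the OS-version read and the Shell Folders write fall through, which is the point of anchoring the regexes on the end of the key path rather than on a substring such as `CurrentVersion`.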
