General

  • Target

    3595580527a7739a0a96f70bd805d1e89b77c6bfd239a17b6e63ba604885dfe9

  • Size

    1.2MB

  • Sample

    221029-sysqmscec4

  • MD5

    7132076fe70278fbe2dda128cc366475

  • SHA1

    2f855ab609d76ad9a0e82b57e7989a9a1860dd77

  • SHA256

    3595580527a7739a0a96f70bd805d1e89b77c6bfd239a17b6e63ba604885dfe9

  • SHA512

    162f6eec3460c6fdcb78be5f0ca4a54e29894c1afae606e7e8e6a73e42f4a84185648ebcda8ae0ba09ede694418a44513e099c20403df0a8cb1522e780413b51

  • SSDEEP

    24576:Dtb20pkACqT5TBWgNQ7ar+P2ZPGhv05szsKp6A:Arg5tQ7ar+TvBf5

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Drops desktop.ini file(s)

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks