General

  • Target

    38b0f78426b72b4179f2e1c9cd9945f78df9dfeaf38aa21147331cd337043232

  • Size

    634KB

  • Sample

    221030-qgl6eschgp

  • MD5

    84bd85c6f679bb0fc50e691a4b3d4f70

  • SHA1

    a06beb8f7fc0182de7718a6cb5d13d08b59644d9

  • SHA256

    38b0f78426b72b4179f2e1c9cd9945f78df9dfeaf38aa21147331cd337043232

  • SHA512

    939955d9135346c1039879457f9c3fc12aea2bd1d0534e7f3ddc5d9baa4e853872451e454c30d07619130cc05f9caeb584ffc2f6c6ea1353c4a985bd7a4275f7

  • SSDEEP

    12288:kpS1YzkSLN6qVFXPCiIOCvk3t7aFjIeC:kpBLIqVF9tf

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks