General

  • Target

    9a2331b63d5e27e87251482e6ba383baff32d626afb77c59687a31e1c2e02b2a

  • Size

    268KB

  • Sample

    221119-hteywadg41

  • MD5

    2683cb4133169096b088bba3c828a720

  • SHA1

    3801d2683c4bcad746d135d5c9556e70dbce10c4

  • SHA256

    9a2331b63d5e27e87251482e6ba383baff32d626afb77c59687a31e1c2e02b2a

  • SHA512

    835fb86675ed5546536d2db842758b35d073b3c4a2e3839f68a94c8e5b9e207f2d4e4e1e1c88acda324eadc6e48029d437a8996984c2b4641020415bf7e4b8ce

  • SSDEEP

    6144:uli2fwiGeTY19aTu89tuirFciNKprLY0fX+eFKyr:+wiGeUjGttFZcRp3YwFK

Targets

    • Target

      9a2331b63d5e27e87251482e6ba383baff32d626afb77c59687a31e1c2e02b2a

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)
