General

  • Target

    11f63ddfb71a41d3d8899e65783bf60053f4dc9335ab32adacd41543c3845072

  • Size

    367KB

  • Sample

    221121-28mf2see51

  • MD5

    4cd35a7fecaacbff98897773a7328161

  • SHA1

    d4212fd5f5fc183e47e06059faa72df99431c79e

  • SHA256

    11f63ddfb71a41d3d8899e65783bf60053f4dc9335ab32adacd41543c3845072

  • SHA512

    9b41801e0556ab7155537f150e6748b6d0b4361918d8be7668d347c273d1abd53712aba44ec3f734fbf4b1e1517dc162d7a8a3c8ab42d59b53ca3b0e28558e45

  • SSDEEP

    6144:st0cWX5uAgeqDoxNAhkxvIgbmSPbEu47C5siUVLrNSyzEkNk0vWhV:3RX5u0FSkFI8mqMAFqrNSCEjphV

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks