General

  • Target

    74fd2131b4067a703629f07166467f28c1fd96d58143c45ca5cd741bb1f1cc1a

  • Size

    1.7MB

  • Sample

    221122-w9n4dada94

  • MD5

    575efa7c7559db67471ddd64608c9381

  • SHA1

    b40b8ad805b235a076bc94d40ef99a97e66ab8cb

  • SHA256

    74fd2131b4067a703629f07166467f28c1fd96d58143c45ca5cd741bb1f1cc1a

  • SHA512

    12642ded18c7dbf18c5c68220ac92a1b37c7f8e0bfa8a52079010763e08f50284281294c874122142e8fa1ba4a9297ab603ef5284f07af9b0f3deae935742c68

  • SSDEEP

    24576:r0otxM+C8vJNWRbElPprVE3fil1s7QlqIR28WV8+t6FZVAAb6amPA9MBzgK:Ptf3qR/alCklqIgF8+tuAs6a+Jp

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks