General

  • Target

    ca5c0b76c5986b81a65d81cde68587e8fd25ee57d26bc56e44d929e07c15d2fb

  • Size

    469KB

  • Sample

    221122-wly9facb54

  • MD5

    4d04796c636b32ac9288d72952a19da3

  • SHA1

    a408c6b1a4d265423b2ef44bc156840551d2689d

  • SHA256

    ca5c0b76c5986b81a65d81cde68587e8fd25ee57d26bc56e44d929e07c15d2fb

  • SHA512

    7423cd6d7e77a3f87baebd5a82dc45a06439f9861f1e933ce0686abefd9611b2cba09c086f11b82545e4a1a104a18fd151a28b15b5827fdcbe1b8ebb569f84a8

  • SSDEEP

    6144:34CxbFm6x26wBUN+RIYbVvkHBIhy9+f4Vctl/CUw879fcBZNMFb69cABEqaJgmbG:34QVxtLEmYwIB4VIBwpUFb8ZFaJgmK

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofencing check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks