General

  • Target

    0ac47dda8d3cb2482db0b10cd2ae4638f32c4d391be712683efc8f4ba69dae1c

  • Size

    459KB

  • Sample

    221123-l2p1lach33

  • MD5

    e9aeafc92e21b4def3a74ff327b73fee

  • SHA1

    695720f543b00cdec8b5cd7b69f23837e2a7b4ba

  • SHA256

    0ac47dda8d3cb2482db0b10cd2ae4638f32c4d391be712683efc8f4ba69dae1c

  • SHA512

    a044cb257d962596e78a9ada15629bdfbe59ce013095adb3a648cfe3cf43c3881eeef5eec3eb7844c68053ec5035216864a7e63780faf8ba542b7192e53974ab

  • SSDEEP

    6144:ujuuRW+fiGP25VqzRB/9vkPceNEsrRgDFWGfwvkfzzgNqA0fJXnIZOF:ujub/GeD8HDeNEsr+cGfwvk7ze0iMF

Malware Config

Targets

    • Target

      0ac47dda8d3cb2482db0b10cd2ae4638f32c4d391be712683efc8f4ba69dae1c

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks