General
-
Target
61a809335489e741abe00dc2a164106eb6b543413473645dd2461501ab1e7417
-
Size
607KB
-
Sample
221123-rgnjxsge98
-
MD5
3c2ff7ca092e5f85a643718b4b8fd8d5
-
SHA1
665bd7cc6ee476d016a23d98c21d8d34d0e7c865
-
SHA256
61a809335489e741abe00dc2a164106eb6b543413473645dd2461501ab1e7417
-
SHA512
5d48e9c8be4e0d76c52ec58a58968256f8356ec7c9082e178bfec5502e007037642295585e21830c42bca2c9845e61225030fd116d9231c4e446ba6fb10b27d8
-
SSDEEP
6144:Zomzg7QVd7KZMuczJeeo0xdeeS+vtVZzNsYEwyVilDN89tEbfM0p9HajmFZDor96:vzgkVdKZKZ1Q6oYgilD4XOH9Dm9po
Malware Config
Targets
-
-
Target
61a809335489e741abe00dc2a164106eb6b543413473645dd2461501ab1e7417
-
Size
607KB
-
MD5
3c2ff7ca092e5f85a643718b4b8fd8d5
-
SHA1
665bd7cc6ee476d016a23d98c21d8d34d0e7c865
-
SHA256
61a809335489e741abe00dc2a164106eb6b543413473645dd2461501ab1e7417
-
SHA512
5d48e9c8be4e0d76c52ec58a58968256f8356ec7c9082e178bfec5502e007037642295585e21830c42bca2c9845e61225030fd116d9231c4e446ba6fb10b27d8
-
SSDEEP
6144:Zomzg7QVd7KZMuczJeeo0xdeeS+vtVZzNsYEwyVilDN89tEbfM0p9HajmFZDor96:vzgkVdKZKZ1Q6oYgilD4XOH9Dm9po
Score10/10-
Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-