General
-
Target
45a8ef08b92d039383b8aef94ac424d87a4e96dee5ec8d949dbc428ab40ad968
-
Size
350KB
-
Sample
221123-rsvglscd61
-
MD5
1c1f2e563c790f7701a575288ae0d573
-
SHA1
e9c4416861831cca3caaa97afa7d381175fa7799
-
SHA256
45a8ef08b92d039383b8aef94ac424d87a4e96dee5ec8d949dbc428ab40ad968
-
SHA512
74c1d4e82a315b812261878a0d7178a5ada950e04026f1446d356afd8378f25f8fcbcdb8cef012985e68d0f00653c97c4d5cdb086d437d9a7e2aba7123e4b5fb
-
SSDEEP
6144:Lt4al8Af5qIFH5oujLgjxWTrv+jLUXlNlVT5ErYzHE84Wq8VBEJAqY420gkGcXEQ:6a9qI1WuIGrv+SlVTSox4X8XEJee
Static task
static1
Behavioral task
behavioral1
Sample
45a8ef08b92d039383b8aef94ac424d87a4e96dee5ec8d949dbc428ab40ad968.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
45a8ef08b92d039383b8aef94ac424d87a4e96dee5ec8d949dbc428ab40ad968.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
Target
45a8ef08b92d039383b8aef94ac424d87a4e96dee5ec8d949dbc428ab40ad968
-
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-