General

  • Target

    ed7c80a95fb48722ec7385fa5ebde9dafb048f7ddfbdf8c2bf9737c9796cc0cc

  • Size

    421KB

  • Sample

    221123-syhknsff31

  • MD5

    fadba7570a3f390ddf349845ea37dbd0

  • SHA1

    575aa8ae06c295c4d879d2902893d31b9ad74189

  • SHA256

    ed7c80a95fb48722ec7385fa5ebde9dafb048f7ddfbdf8c2bf9737c9796cc0cc

  • SHA512

    255f98e759f7ed811612a26ce84d3a9ef94c8aaa6279d65316e0ef9913c17f7981215dea3e411b3791371cb359fd582b5b41f62b375a37b31dcadc60bd4cb7cd

  • SSDEEP

    12288:tYTkkv9nV08XfRimCHxW1JfM/iipyhawBamxQM+WF:IZ9+8vRcHQ+q0yhRFz

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the payload only runs (or refuses to run) in particular countries.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

      Setting the thread context of another process is the classic process-hollowing pattern: a process is created suspended, its memory is replaced with the payload, and the entry point is redirected before the thread is resumed.

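The three behaviours in the list above that a detection engineer can check for directly (Run-key persistence, the registry country-code lookup, and SetThreadContext on a process created suspended) are illustrated by the following added example. It is not part of the sandbox report or of the sample: the API-trace records, field names (`pid`, `api`, `args`) and the registry paths and process names inside them are constructed for illustration, in the shape a sandbox or Sysmon-style collector might emit.

```python
"""Flag Run-key persistence, geofence lookups and hollowing-style
SetThreadContext use in a constructed API trace (added example)."""
import re
from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# Persistence: any value written under ...\CurrentVersion\Run or \RunOnce.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# Location settings: the GeoID ("Nation") and locale values a geofence
# check reads; HKCU prefix and value names are real Windows locations.
GEO_KEY_PREFIX = r"HKCU\Control Panel\International"
GEO_VALUE_NAMES = {"Nation", "sCountry", "LocaleName"}


@dataclass
class Event:
    pid: int            # process that made the call
    api: str            # API name as the collector reports it (assumed)
    args: dict = field(default_factory=dict)


def find_run_key_persistence(events):
    """Return (pid, key, value_name, data) for every Run/RunOnce write."""
    return [
        (e.pid, e.args["key"], e.args.get("value_name"), e.args.get("data"))
        for e in events
        if e.api.startswith("RegSetValue") and RUN_KEY_RE.search(e.args.get("key", ""))
    ]


def find_geofence_lookups(events):
    """Return (pid, key, value_name) for reads of the country/GeoID settings."""
    hits = []
    for e in events:
        key = e.args.get("key", "")
        if (e.api.startswith("RegQueryValue")
                and key.lower().startswith(GEO_KEY_PREFIX.lower())
                and e.args.get("value_name") in GEO_VALUE_NAMES):
            hits.append((e.pid, key, e.args["value_name"]))
    return hits


def find_hollowing_sequences(events):
    """Return (creator_pid, child_pid) for CreateProcess(CREATE_SUSPENDED)
    -> SetThreadContext(child) -> ResumeThread(child) sequences."""
    suspended = {}      # child pid -> creator pid
    context_set = set()  # children whose thread context was rewritten
    hits = []
    for e in events:
        target = e.args.get("target_pid")
        if e.api.startswith("CreateProcess") and e.args.get("flags", 0) & CREATE_SUSPENDED:
            suspended[e.args["child_pid"]] = e.pid
        elif e.api == "SetThreadContext" and target in suspended:
            context_set.add(target)
        elif e.api == "ResumeThread" and target in context_set:
            hits.append((suspended[target], target))
    return hits


def triage(events):
    """Map the trace onto the report's signature labels."""
    return {
        "Adds Run key to start application": bool(find_run_key_persistence(events)),
        "Checks computer location settings": bool(find_geofence_lookups(events)),
        "Suspicious use of SetThreadContext": bool(find_hollowing_sequences(events)),
    }


# Constructed trace: one loader process (1001) doing all three things,
# plus an unrelated benign registry write from another process (3003).
TRACE = [
    Event(1001, "RegQueryValueExW", {"key": GEO_KEY_PREFIX + r"\Geo", "value_name": "Nation"}),
    Event(1001, "RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                                   "value_name": "Updater",
                                   "data": r"C:\Users\u\AppData\Roaming\svc.exe"}),
    Event(1001, "CreateProcessW", {"path": r"C:\Windows\System32\notepad.exe",
                                   "flags": CREATE_SUSPENDED, "child_pid": 2002}),
    Event(1001, "SetThreadContext", {"target_pid": 2002}),
    Event(1001, "ResumeThread", {"target_pid": 2002}),
    Event(3003, "RegSetValueExW", {"key": r"HKCU\Software\Contoso\Settings",
                                   "value_name": "Theme", "data": "dark"}),
]

if __name__ == "__main__":
    for label, hit in triage(TRACE).items():
        print(f"{label}: {'HIT' if hit else 'no'}")
```

The hollowing check deliberately requires all three calls in order and from the same creator; a lone SetThreadContext (debuggers and some legitimate runtimes use it) is not reported, which keeps the rule aligned with the "suspicious use" wording of the signature rather than with any use.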
MITRE ATT&CK Enterprise v6
