General
-
Target
cb93f6f8fb6b5d26e2301673e3a61df0857043b358d48227d58274c0d567d8db
-
Size
713KB
-
Sample
221123-tcpyasdf79
-
MD5
1194cdb39cd66f8fd31141ea1a2438f2
-
SHA1
c2f7b617b631c8ea25263f3343c343cb0b9a71f9
-
SHA256
cb93f6f8fb6b5d26e2301673e3a61df0857043b358d48227d58274c0d567d8db
-
SHA512
19eb5db13798343bfa5b339cbb52e9be169565e889701b58157b587003632915e7c952b4ad616cf8844fd2744b985a789fafb9fef78797e616a9095c4693c9f0
-
SSDEEP
12288:2Bq1/STF3fQ4jC6tykkXvWQjhes30bhzBBXxSqMp1UK1Ea7:H/SG4jYv7n3izBKp1UK1Ea
Malware Config
Targets
-
-
Target
cb93f6f8fb6b5d26e2301673e3a61df0857043b358d48227d58274c0d567d8db
-
Size
713KB
-
MD5
1194cdb39cd66f8fd31141ea1a2438f2
-
SHA1
c2f7b617b631c8ea25263f3343c343cb0b9a71f9
-
SHA256
cb93f6f8fb6b5d26e2301673e3a61df0857043b358d48227d58274c0d567d8db
-
SHA512
19eb5db13798343bfa5b339cbb52e9be169565e889701b58157b587003632915e7c952b4ad616cf8844fd2744b985a789fafb9fef78797e616a9095c4693c9f0
-
SSDEEP
12288:2Bq1/STF3fQ4jC6tykkXvWQjhes30bhzBBXxSqMp1UK1Ea7:H/SG4jYv7n3izBKp1UK1Ea
Score10/10-
Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-