Overview

overview

10

Static

static

primedice.exe

windows7-x64

10

primedice.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    05a8a612c82e44fa7aa329021d65d616aa1767d6003bd6870a288583dec87550

  • Size

    463KB

  • Sample

    221123-wlc17scc68

  • MD5

    1a11961201b02ae33eae792c0682e928

  • SHA1

    cca9b6e69fb48e9ec35e3898599d2660b3c1eb11

  • SHA256

    05a8a612c82e44fa7aa329021d65d616aa1767d6003bd6870a288583dec87550

  • SHA512

    06eae4023c0d1b5abd3bce3f6cd9ea63ec274e79957cec166e7f7621f8e1e051556489b61df05d67003a38fde9c9f17adf15749a6331c393443c1e74b69650a3

  • SSDEEP

    12288:ji/3/+Z7cvXX4aWSbj9QejUbWpGg7BTCjer6XuC:Ov/bXX4aWUJjcgxCKrTC

Score
10/10
imminentpersistencespywaretrojan

Malware Config

Targets

    • Target

      primedice.exe

    • Size

      1.6MB

    • MD5

      afb4e06fdf04d43f1331695e5692f659

    • SHA1

      2bb3cbe20610041edd5dd6ae02fc1a60f990d18c

    • SHA256

      86b4e3e757c3c876813a5fba306a9e39986d2e542e2c3056aeb7a665bb2a1d4f

    • SHA512

      145d5ac1956ff08c5bc33086e0ebb5c25707a1b8e57d28ce0f77f5d31b040fc0771c1c129581e47809d66e978a9afab8d64e655b472b33e8c456c728a278641f

    • SSDEEP

      12288:fh/2h8jPhUexyAAn1L7Om7mii8073siQHyg5PnKWeD3rA0y:Z/0Q5UL1LTKQ0bYRcbrA

    Score
    10/10
    imminentpersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks