General

  • Target

    f159d6cda2240860733dba50c040df6a433e5cc27038b47c73186311305ce642

  • Size

    775KB

  • Sample

    221124-aevrsahe4w

  • MD5

    cf8afe8f43d0ceb419b660e17f3ae7ca

  • SHA1

    b70b100b643bd4f617b4f9a5b0f828d3a9c09c86

  • SHA256

    f159d6cda2240860733dba50c040df6a433e5cc27038b47c73186311305ce642

  • SHA512

    0f92a936bf333ac61e69b979949d8d09768102636b8c7f212c59711cf45229c438d968b9f2972a951159c8fe039080b0635d0cb75365f7839cd16cc2ae54a5f4

  • SSDEEP

    12288:2A9RqqM2bijAIK7/jas7pmL3qiBXMia3uesKL5iLnE72Ni0YEgqM:2A7iJi43HlF+5MnE7ilG

Malware Config

Targets


    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks