General

  • Target

    fcd25a11ef8ebc61519d66fbf7a0edfcbb4bd9a6b0723993bff99462050011a8

  • Size

    645KB

  • Sample

    221124-dxk7vahb9y

  • MD5

    398a75ee8a26f0ef0a9cfad14291c3af

  • SHA1

    6c515db9557f3256e681fda198cb45c034d01658

  • SHA256

    fcd25a11ef8ebc61519d66fbf7a0edfcbb4bd9a6b0723993bff99462050011a8

  • SHA512

    e3beddb7435300d413ea11edaad14359ea6e262e8cdc201d260a832cf6b4f0c62259a996248337f15b57ca76a19a7ef2a984683461dd6620deb64998a3c246b6

  • SSDEEP

    12288:dXrWlNSpKL/HaQ/82Q3E4RSDnDiLs4C4a7rHNEu34RC2bjpZJYD:duSgLCQ/8H3E4RSbme7rF34RC2FYD

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks