Overview

overview

10

Static

static

222db4e191...08.exe

windows7-x64

10

222db4e191...08.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    222db4e1916a04cd6b5e11a65fd4f5e08bf7453edf4d361b6a09de41f5f76908

  • Size

    477KB

  • Sample

    221124-dxnyqshc2t

  • MD5

    aa7f88ac6b39b9b9f7d0373a368eb437

  • SHA1

    6603e6e54f9eba65a4e1c913af35292e58ea5084

  • SHA256

    222db4e1916a04cd6b5e11a65fd4f5e08bf7453edf4d361b6a09de41f5f76908

  • SHA512

    0ab9373cac82ceaf6787ef5f99c40cdd604b6f3abd27e5b97485985498b249e9d36be6a2b62ffe943487b70d7896edaa97c07e1c40e651b6ec58cfaf962550b6

  • SSDEEP

    12288:X35rxs/Cl9lPP0uaQ5SGvLNuBEgcFfKwZNdEm0g3I:X3vs/Cl9dFvSaLSEgRwZQmq

Score
10/10
imminentpersistencespywaretrojan

Malware Config

Targets

    • Target

      222db4e1916a04cd6b5e11a65fd4f5e08bf7453edf4d361b6a09de41f5f76908

    • Size

      477KB

    • MD5

      aa7f88ac6b39b9b9f7d0373a368eb437

    • SHA1

      6603e6e54f9eba65a4e1c913af35292e58ea5084

    • SHA256

      222db4e1916a04cd6b5e11a65fd4f5e08bf7453edf4d361b6a09de41f5f76908

    • SHA512

      0ab9373cac82ceaf6787ef5f99c40cdd604b6f3abd27e5b97485985498b249e9d36be6a2b62ffe943487b70d7896edaa97c07e1c40e651b6ec58cfaf962550b6

    • SSDEEP

      12288:X35rxs/Cl9lPP0uaQ5SGvLNuBEgcFfKwZNdEm0g3I:X3vs/Cl9dFvSaLSEgRwZQmq

    Score
    10/10
    imminentpersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks