General

  • Target

    0a733e1a622a8c4c4a4631a8582fcddee3e7f399d405624c7b6dd0d01b3b6d8e

  • Size

    446KB

  • Sample

    221124-m2nm7scg3z

  • MD5

    2c8de954eb09e95fe19198a60d0ecd60

  • SHA1

    c8a890d82d6ccf20e8a2db78728b9f3cc04eadc4

  • SHA256

    0a733e1a622a8c4c4a4631a8582fcddee3e7f399d405624c7b6dd0d01b3b6d8e

  • SHA512

    6dcf1c414c99fd4c461328112512dcf97727663408b8e45218aa160101669db219977ae35f51fe5f5d797d32944b8325251484c4f869d942d107a4c3f6bf9e7c

  • SSDEEP

    6144:3aLKyEbFBiHIP5Cvf29X0mcG3wGQDOaDXnBHfdQQZXqEcnJIulg06lfKCpm:qj8mHIcvf26GHQSaD3BVQQExxlDCyZ

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks