General

  • Target

    4802f50d6851e4e118bca0dc077ebfb4489054bfd00c36fda8bb5b87c41740ac

  • Size

    377KB

  • Sample

    221125-zr17rsef24

  • MD5

    641855448f414edc830470f5e94ce912

  • SHA1

    0c583e3346eb1eecfed3428ba24028f7ed76a91a

  • SHA256

    4802f50d6851e4e118bca0dc077ebfb4489054bfd00c36fda8bb5b87c41740ac

  • SHA512

    5b0025957a981f35d14e868c7924d893a85b8425c4da90781e0db25b7d97d5eaae05c83ea219dedae34ed345f6345ef373dd4427f6c9af418df4d621f51f8f19

  • SSDEEP

    6144:XlCA2GhNH75bYjVQMS38Gwf2hzIBp3BFlS2JIngauf1NG3DYv3JphAo88S011TE2:XJ2iNH7lZ8YhzIBNhJvntk3u3Jpil8pB

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks