Overview

overview

10

Static

static

8f8518fe48...04.exe

windows7-x64

10

8f8518fe48...04.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8f8518fe48fe969f67021e7a639bb3a3e31f2a053b5d34c97d80c31c06328704

  • Size

    1.3MB

  • Sample

    221126-ac7cssbe8w

  • MD5

    3bd8800fd90744fb970f8f62c9523d74

  • SHA1

    3726c41101c239df34a2ead0dcedebb7343b0465

  • SHA256

    8f8518fe48fe969f67021e7a639bb3a3e31f2a053b5d34c97d80c31c06328704

  • SHA512

    bf9a958901b53352d93bf37b7b4244dd42e2348d182b884e437461a65b52d3151174ec4db4084259cd9d223d5a73adb39caad9edf4c4b0e53207eb3fba5d345f

  • SSDEEP

    24576:rIVaUJtgvY/dSUztMzHIx6liWFF55Pe8rAwAUMRS1P/StqAg1Fxv:rIVaUJqv1UzuM6F2EAnUMRShaZgFxv

Score
10/10
imminentdiscoveryevasionspywaretrojanupx

Malware Config

Targets

    • Target

      8f8518fe48fe969f67021e7a639bb3a3e31f2a053b5d34c97d80c31c06328704

    • Size

      1.3MB

    • MD5

      3bd8800fd90744fb970f8f62c9523d74

    • SHA1

      3726c41101c239df34a2ead0dcedebb7343b0465

    • SHA256

      8f8518fe48fe969f67021e7a639bb3a3e31f2a053b5d34c97d80c31c06328704

    • SHA512

      bf9a958901b53352d93bf37b7b4244dd42e2348d182b884e437461a65b52d3151174ec4db4084259cd9d223d5a73adb39caad9edf4c4b0e53207eb3fba5d345f

    • SSDEEP

      24576:rIVaUJtgvY/dSUztMzHIx6liWFF55Pe8rAwAUMRS1P/StqAg1Fxv:rIVaUJqv1UzuM6F2EAnUMRShaZgFxv

    Score
    10/10
    imminentdiscoveryevasionspywaretrojanupx

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Drops desktop.ini file(s)

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks