Overview

overview

10

Static

static

f841bcb05f...d7.exe

windows7-x64

10

f841bcb05f...d7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f841bcb05f60885d16227b209e4863e5cada9df1db88c13eee9c7f289f3982d7

  • Size

    15.3MB

  • Sample

    221126-nbxzmaah32

  • MD5

    990a2e47277c3bffe454f4f48f0cd7bf

  • SHA1

    7970cfcd5b63e87385f74bbb730a9f749ff71a80

  • SHA256

    f841bcb05f60885d16227b209e4863e5cada9df1db88c13eee9c7f289f3982d7

  • SHA512

    f93c0b6b0985d255ac576edf843278e8941e2efd1fac362b7f476ec13285c4ffcfe2e1faadebca740933638be82f73eb6e98c933851a0e2f15c38feb67492340

  • SSDEEP

    393216:IDMDfO0IHI7Krnk0SmkypsCFn9W2SQanbAcZIfbMhs6my7Sqqh:guObIeZSmksFn0caRIYh37

Score
10/10
imminentpersistencespywaretrojan

Malware Config

Targets

    • Target

      f841bcb05f60885d16227b209e4863e5cada9df1db88c13eee9c7f289f3982d7

    • Size

      15.3MB

    • MD5

      990a2e47277c3bffe454f4f48f0cd7bf

    • SHA1

      7970cfcd5b63e87385f74bbb730a9f749ff71a80

    • SHA256

      f841bcb05f60885d16227b209e4863e5cada9df1db88c13eee9c7f289f3982d7

    • SHA512

      f93c0b6b0985d255ac576edf843278e8941e2efd1fac362b7f476ec13285c4ffcfe2e1faadebca740933638be82f73eb6e98c933851a0e2f15c38feb67492340

    • SSDEEP

      393216:IDMDfO0IHI7Krnk0SmkypsCFn9W2SQanbAcZIfbMhs6my7Sqqh:guObIeZSmksFn0caRIYh37

    Score
    10/10
    imminentpersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Modifies WinLogon for persistence

      persistence

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks