General

  • Target

    e467fd779a583367fdfa3868363e394492ef8b9840a54497fd2d581d922cf4c3

  • Size

    272KB

  • Sample

    221126-ng3gasea31

  • MD5

    4110967fb802dc7c9fb7885c95ab5cbd

  • SHA1

    b388efe57f316a3b5cef0e353fd0f394e803d53d

  • SHA256

    e467fd779a583367fdfa3868363e394492ef8b9840a54497fd2d581d922cf4c3

  • SHA512

    70bf552ba8ff0305ae2f9a07e279434140b62e3e87e887f428ebf3193a623b999dc7207104c50eecb3609d09bc4b45333d38ecc2f804ee24506ceff75f985765

  • SSDEEP

    6144:7sbL9azzIMJSP+PMcx8jH+qJM/4KhfuulWCxCuctlxU:8EzJJSP6Ms8jH+qJrKff1cuIK

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)
