General

  • Target

    951ca02475136fd340c7232763b85a734ffd668dc0134fe2c60d5658213387a9

  • Size

    972KB

  • Sample

    221126-tr9w1sbb8z

  • MD5

    3b7e96061f7d172c89793b2fe29f2dc8

  • SHA1

    bad05521f713738d55ce6eed20dc2a1ef5a978a2

  • SHA256

    951ca02475136fd340c7232763b85a734ffd668dc0134fe2c60d5658213387a9

  • SHA512

    df807becbf861a2eb1eec58b3e6108276050d98deb0cfad80df45c1e0502b4044907c5386e4b1c9eea5eb6ae9c37d761366f134f57a3f3400e9106de4c8a044b

  • SSDEEP

    12288:Bi41crnV0OIhpyYaQYiXWdNhdlk6GT+yLuAAD/DHcwb81ljj9Qv9kvCTl12Pm:Bi4Q01yYsiGdXdS6wkfDQwbuSS6+

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks