General

  • Target

    a8586192b5b446a0564cbac0d461565dba6c6ee6f5114279062a25ebcd3a177d

  • Size

    282KB

  • Sample

    221127-a3xlaabg81

  • MD5

    dd8c2d2f8dc4c42bfcc7a646e1ac53ff

  • SHA1

    62fb9db3a26b4ac22dc259335cad948ace4bd83e

  • SHA256

    a8586192b5b446a0564cbac0d461565dba6c6ee6f5114279062a25ebcd3a177d

  • SHA512

    fb2c8149468580830b7f245a2f1bb64c21600d0c49dbd0180f9cb486e08b63993d6de8add627aaa4cce57ee8d4f4c00c62768254ddec2979c225f72df3e9e1d3

  • SSDEEP

    6144:7zQFiFpcLu8DAFTXf3DJcp2nsyv2lb8l/9Rf86HU7C5Q3i9C4Y6r/cVQGjs5MdM2:7G0cLutTXPDesjvv/RU6HNqy7tOfAct

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks