General
-
Target
257d1fb8db17754c87b742304c67f70dfb8f82687a64b5e6fcf814a1e6a81684
-
Size
1.5MB
-
Sample
221127-kr7bfsde26
-
MD5
8a8085cb9d24183f088d59c8472a0285
-
SHA1
0be34f21357bee2ff3ef0bfa32a0cd05d6ff2fe5
-
SHA256
257d1fb8db17754c87b742304c67f70dfb8f82687a64b5e6fcf814a1e6a81684
-
SHA512
8e2f4d7d20fe22929fabf8da51f897bb22928288b1bf6b0107fe91cb6e9b271bd0aefacc860ca8c8613bacf6cd384479400c42438f3cbec001966d094b43eb8c
-
SSDEEP
24576:4tb20pkACqT5TBWgNQ7a9vWBygSNn7eLdTeENA16AgqIYUgphnzhod37:Brg5tQ7a9wygA7eLdTeENI5gqIYULdL
Malware Config
Targets
-
-
Target
257d1fb8db17754c87b742304c67f70dfb8f82687a64b5e6fcf814a1e6a81684
-
Size
1.5MB
-
MD5
8a8085cb9d24183f088d59c8472a0285
-
SHA1
0be34f21357bee2ff3ef0bfa32a0cd05d6ff2fe5
-
SHA256
257d1fb8db17754c87b742304c67f70dfb8f82687a64b5e6fcf814a1e6a81684
-
SHA512
8e2f4d7d20fe22929fabf8da51f897bb22928288b1bf6b0107fe91cb6e9b271bd0aefacc860ca8c8613bacf6cd384479400c42438f3cbec001966d094b43eb8c
-
SSDEEP
24576:4tb20pkACqT5TBWgNQ7a9vWBygSNn7eLdTeENA16AgqIYUgphnzhod37:Brg5tQ7a9wygA7eLdTeENI5gqIYULdL
Score10/10-
Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-