General

  • Target

    4622a83bb4d5b4e7d8e0ea963c927f9a900adb62bc1ab0263409e03d91a59eee

  • Size

    1.0MB

  • Sample

    221127-mh3b9aac63

  • MD5

    2401765178074a5b2f7aa40df5d5eb9b

  • SHA1

    f51da992a5c9c6980223c9fbc39b1175abb3d8d0

  • SHA256

    4622a83bb4d5b4e7d8e0ea963c927f9a900adb62bc1ab0263409e03d91a59eee

  • SHA512

    af00476c5571281b1b1028b267bf70a28d00bcbc181aa8b422249dfabcf68d127795d15780321cba3c04e606742e33c2847143b359728bb0cdc0a7cff5cc8e25

  • SSDEEP

    12288:vUOyMQXOm6Qx7701919qSyVgEHObxxvN8owF3mNpeod8Cw7KZkFkF4:vPlQXf6Qxv0pkhLOdxvNB+ibwWZS

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks