General

  • Target

    1c06364242025d376588209d7696b2a7d30b7dc821dce8e6e97765199022c96f

  • Size

    541KB

  • Sample

    221127-t4exeaca59

  • MD5

    378a1bc54157f559dcd2d44a968aae8e

  • SHA1

    4c22a9396fcb85a7c84efab452bf4994ad0a8ded

  • SHA256

    1c06364242025d376588209d7696b2a7d30b7dc821dce8e6e97765199022c96f

  • SHA512

    917d5604c0f09f87857e54978f1dfb8e9313881393fa1da4101606968747c1e764016b82adf758b12653e11b83032eb1dbc5383258fc498f5058e4e972ee356b

  • SSDEEP

    12288:YR2siYxfXbvBv7LNN5BMR6TpEQy94Cj9jXUxgs:YRl5tXbvNz5e6TvCj9jXU2s

Malware Config

Targets

    • Target

      1c06364242025d376588209d7696b2a7d30b7dc821dce8e6e97765199022c96f

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Modifies WinLogon for persistence

    • Drops desktop.ini file(s)
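
The "Modifies WinLogon for persistence" signature corresponds to writes under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, where the Shell and Userinit values and the Notify subkey are the auto-start points a RAT appends itself to (ATT&CK T1547.004, listed as T1004 in the v6 matrix below). The following detector is an added example, not part of the sandbox report or of Imminent Monitor: it runs over constructed Sysmon Event ID 13 (registry value set) records and flags any Winlogon write that deviates from the stock defaults. All process names and file paths in the sample records are hypothetical.

```python
"""Flag Winlogon helper tampering in Sysmon registry events (added example)."""
import re

# Sysmon records a written registry value as TargetObject + Details.
# Only the Winlogon key is of interest; its Shell/Userinit values and the
# Notify subkey are the logon-time auto-start points abused for persistence.
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Known-good defaults on a stock Windows install (compared case-insensitively).
# Userinit normally ends with a trailing comma; malware persists by appending
# a further comma-separated path rather than replacing the original entry.
EXPECTED = {
    "Shell": ["explorer.exe"],
    "Userinit": [r"c:\windows\system32\userinit.exe"],
}

# Constructed Sysmon Event ID 13 records, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,"},
    {"Image": r"C:\Users\victim\AppData\Roaming\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": r"explorer.exe,C:\Users\victim\AppData\Roaming\sample.exe"},
    {"Image": r"C:\Users\victim\AppData\Roaming\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\helper",
     "Details": r"C:\Users\victim\AppData\Roaming\helper.dll"},
    {"Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText",
     "Details": "Authorized use only"},
]

# Matches "<key>\<value>" or "<key>\<subkey>\<value>" under the Winlogon key,
# regardless of the HKLM/HKU hive prefix Sysmon puts in front of it.
_WINLOGON_RE = re.compile(
    re.escape(WINLOGON_KEY) + r"(\\[^\\]+)?\\([^\\]+)$", re.IGNORECASE)


def split_entries(value):
    """Split a comma-separated Winlogon value into normalised, non-empty entries."""
    return [e.strip().strip('"').lower() for e in value.split(",") if e.strip()]


def check_event(event):
    """Return a finding string for one Sysmon-style event, or None if benign."""
    m = _WINLOGON_RE.search(event.get("TargetObject", ""))
    if not m:
        return None  # not a Winlogon write at all
    subkey, value_name = m.group(1), m.group(2)
    details = event.get("Details", "")
    image = event.get("Image", "?")

    # Any value created under Winlogon\Notify registers a helper DLL.
    if subkey and subkey.lower().startswith(r"\notify"):
        return f"Winlogon Notify DLL registered by {image}: {value_name}={details}"

    expected = EXPECTED.get(value_name)
    if expected is None:
        return None  # other values (LegalNoticeText etc.) are not auto-start points

    entries = split_entries(details)
    extra = [e for e in entries if e not in expected]
    if extra or not entries:
        return f"Winlogon {value_name} modified by {image}: {details!r}"
    return None


def scan(events):
    """Run check_event over a list of events and return all findings."""
    return [f for f in (check_event(e) for e in events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Benign writes of the default values (the first sample record) produce no finding, while an appended Shell entry and a Notify DLL registration are each reported with the writing process, which is the pairing an analyst wants when confirming the sandbox verdict against endpoint telemetry.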

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique             Hits  ID
  Persistence      Winlogon Helper DLL   1     T1004
  Defense Evasion  Modify Registry       1     T1112

  "Hits" is the number of matching signatures above. The IDs follow ATT&CK v6; in the current matrix Winlogon Helper DLL is sub-technique T1547.004 (Boot or Logon Autostart Execution), while Modify Registry remains T1112.

Tasks