General

  • Target

    532b5b5b312f848f106da7717877c9f287050879f79952d32fff3952ac21e602

  • Size

    5.5MB

  • Sample

    221127-vcjlyscg53

  • MD5

    17729246d4489d4c70d55e34d8b33914

  • SHA1

    05f2888db4c53e4fc0864a15b17c21876bb77e55

  • SHA256

    532b5b5b312f848f106da7717877c9f287050879f79952d32fff3952ac21e602

  • SHA512

    113e98bbd04929bc0de80a5f41182dca992b2e1a45b8917267c77419f0c42cb314d1848418aef00138fed1e20614b8f581e25c0fbbc48d88b2000694bb7dffbe

  • SSDEEP

    12288:N615aFdqQf3gmm3LOBID0wCt266fD4EMBm+56j5rVQkC:QIFdqynuOBID0V2PL4EMBm+O5rVE

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Modifies WinLogon for persistence

      Changes Winlogon registry values (typically Userinit or Shell) so the payload is launched at every user logon.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process is characteristic of process hollowing or other code injection.

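The following PowerShell script is an added example and is not part of the sandbox report: it performs the host-side checks a responder would run for the persistence, geofence and dropped-EXE signatures above. It assumes (the report does not state any of this) that the Winlogon modification is to the Userinit or Shell value of the HKLM Winlogon key, that the location check reads HKCU\Control Panel\International\Geo, and that it runs elevated on the suspected host. The report's own SHA256 is used to tell the original sample apart from a dropped payload.

```powershell
# Added example, not part of the sandbox report: host-side checks for the
# persistence, geofence and dropped-EXE signatures listed above.
# Assumptions (not stated by the report): the Winlogon change is to the HKLM
# Winlogon key's Userinit or Shell value, the location check reads
# HKCU\Control Panel\International\Geo, and this runs elevated on the host.
# Run with: powershell -ExecutionPolicy Bypass -File .\triage.ps1

$ReportSha256 = '532b5b5b312f848f106da7717877c9f287050879f79952d32fff3952ac21e602'

# --- 1. Winlogon persistence -------------------------------------------------
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$props    = Get-ItemProperty -Path $winlogon

# Defaults on a clean install; Userinit keeps its trailing comma.
$expected = @{
    Userinit = 'C:\Windows\system32\userinit.exe,'
    Shell    = 'explorer.exe'
}

foreach ($name in $expected.Keys) {
    $actual = $props.$name
    if ([string]::IsNullOrEmpty($actual)) {
        Write-Warning "$name is missing from $winlogon"
        continue
    }
    if ($actual -ieq $expected[$name]) {
        Write-Output "[ok]  $name = $actual"
        continue
    }
    Write-Warning "[hit] $name = '$actual' (expected '$($expected[$name])')"

    # Every extra comma-separated entry is a candidate dropped EXE.
    foreach ($entry in ($actual -split ',')) {
        $path = $entry.Trim()
        if (-not $path -or $path -imatch 'userinit\.exe$|^explorer\.exe$') { continue }
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
            $tag  = if ($hash -eq $ReportSha256) { 'matches report SHA256' } else { 'different hash, likely a dropped payload' }
            Write-Output "      candidate: $path  sha256=$hash  ($tag)"
        } else {
            Write-Output "      candidate not on disk: $path"
        }
    }
}

# --- 2. What the geofence check would see -------------------------------------
# HKCU\Control Panel\International\Geo\Nation holds the Windows GeoID (a number,
# e.g. 244 for the United States); a geofence compares this against a block list.
$geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
if ($geo) {
    Write-Output "[info] GeoID (Nation) = $($geo.Nation)"
} else {
    Write-Output '[info] no Geo key under HKCU (unusual in an interactive session)'
}
# Friendly name where the International module exists (Windows 8 / Server 2012 and later).
if (Get-Command Get-WinHomeLocation -ErrorAction SilentlyContinue) {
    $loc = Get-WinHomeLocation
    Write-Output "[info] home location: $($loc.HomeLocation) (GeoId $($loc.GeoId))"
}

# --- 3. Recently written desktop.ini files -----------------------------------
# desktop.ini is normal in shell folders; the indicator is a fresh one next to
# an unexpected executable. List any written in the last day.
Get-ChildItem -Path $env:USERPROFILE, $env:ProgramData -Filter 'desktop.ini' -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-1) } |
    ForEach-Object { Write-Output "[info] recent desktop.ini: $($_.FullName) ($($_.LastWriteTime))" }
```

Run it from an elevated prompt; a `[hit]` line on Userinit or Shell together with a candidate whose hash differs from the report's SHA256 is the dropped payload to collect. The GeoID is printed so the responder can see whether the host falls inside a region the sample would refuse to run in, which explains a "clean" detonation on a differently configured sandbox.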