General
-
Target
8fbf108ecc9b03caa1527714df9d53f10001820dd243e6b35fc41edc93ae1a82
-
Size
952KB
-
Sample
221127-vlpvbsde53
-
MD5
e738581ccc00d7bc7ce7500d03873a0a
-
SHA1
dcc9aad1621a2cb309c719201f3c295705f04a3a
-
SHA256
8fbf108ecc9b03caa1527714df9d53f10001820dd243e6b35fc41edc93ae1a82
-
SHA512
cff79366429c61baea483698aa3cc1b387561ec7c7a71366ba15df1fee1b327ac780535f34a2fd34b812f7165a280838c1cbb4a77f19b477587efac761e424d4
-
SSDEEP
12288:3VcFBopB3yxaWHOP0T7M6SY+Kz4X48E85adAN2/amL8rZ1z8bcr29GRSQ31qDP6Y:+FeXxMnnwTt18Qr29GRSCeA1U
Static task
static1
Behavioral task
behavioral1
Sample
8fbf108ecc9b03caa1527714df9d53f10001820dd243e6b35fc41edc93ae1a82.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
8fbf108ecc9b03caa1527714df9d53f10001820dd243e6b35fc41edc93ae1a82.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
Target
8fbf108ecc9b03caa1527714df9d53f10001820dd243e6b35fc41edc93ae1a82
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-