General

  • Target

    d4c1fbc3ff3b1c1d7a33bb65bb1055b72de205d5a8ce889759b744663ee9ac30

  • Size

    478KB

  • Sample

    221127-wrxb2acc5w

  • MD5

    f7e1a441315a80328596c03da48d1778

  • SHA1

    892ec2afe8549bc85d323ce9cfef1e08873ae7a0

  • SHA256

    d4c1fbc3ff3b1c1d7a33bb65bb1055b72de205d5a8ce889759b744663ee9ac30

  • SHA512

    ee03790b38b8986739cfda71d4cd12fee0802ae13cb11aeb59c5bdbc249aa363e281014a3da8a2f36615c34f7d6559d82035dc3432145e01e354d64f75063ab4

  • SSDEEP

    6144:0APTi7C55DbmAs2X/4UYPOHfDLmmhDOnzYMvDfDllEVMSjFd+v:7WK5/aq4UYPOugOnEADf7g

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks