General

  • Target

    21a1f5a0a478d0ef16c47210137bdcbf8e94cc200c88c9b69f17e075237043fc

  • Size

    273KB

  • Sample

    221128-wmax8sab3z

  • MD5

    35a515d816785d3ce2f59eb206133c06

  • SHA1

    a4ef3f64a17dc8abfb583e47f281cae2b6a443de

  • SHA256

    21a1f5a0a478d0ef16c47210137bdcbf8e94cc200c88c9b69f17e075237043fc

  • SHA512

    698a3187670728d5285428dd9ef803feebcdc75a0d46e631ae821de9e158256657854b1e734edb9cfb8e5e2945d6f48000248d0dd2228c2c536aefb3d11472c9

  • SSDEEP

    6144:8IiW4AcPkGRLlcbFExG4X+0fg1G34WmUctlR0kD:4AcPdRuy+zVWHISkD

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)
