General

  • Target

    853b532081ea4cb76aa086634bd5d07ca095bebbad7258fb5fb9ef6fb9a2746f

  • Size

    1.3MB

  • Sample

    221128-wxap8aah91

  • MD5

    55247e810afac66a7de437793bede516

  • SHA1

    41261fddbd211b9032a17b83f0a5130f2a2a3050

  • SHA256

    853b532081ea4cb76aa086634bd5d07ca095bebbad7258fb5fb9ef6fb9a2746f

  • SHA512

    a2e4a9c2e864231fa40b0d08df6ed47683036f295df5b5f0de95b2611a77e975398938b5c8fe7b53400b8122e50c5093af5b9051b60e44a610f531bf12a36585

  • SSDEEP

    24576:Ntb20pkaCqT5TBWgNQ7a2Ikh9mR87qoz16A:+Vg5tQ7a2Ik7moR5

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks