Extracted

Extracted

• • Target

    979ae773047c238e6262757ee32e038b5fefc57680575f87fb9b83fcc0519084

  • Size

    24.3MB

  • MD5

    b837151f690aabf4a82cdfe138c01b1f

  • SHA1

    b0c828064d402fd2e63562f9300c9ea9222b4e9c

  • SHA256

    979ae773047c238e6262757ee32e038b5fefc57680575f87fb9b83fcc0519084

  • SHA512

    9bb16bc6415c9c3c18db4cda6412c9244656ae4bff7792c732035ee03604dda897c0ac2a0a8bfc29d2f8fc60044a54c7f9d8e17ef0df9f816f9e3c065beb2edd

  • SSDEEP

    393216:d0pgWC+4cw08gMka47tPxDKdUU7K9HuNW7BqTOjDtXLEc3uoTHE:ZXjcCtkJPxkn8uw7Bq8X82E

  Score

  10^/10

  imminentlimeratnjratxmrigevasionminerpersistenceratspywaretrojanupx

  • Imminent RAT

    Remote-access trojan based on Imminent Monitor remote admin software.

    trojanspywareimminent

  • LimeRAT

    Simple yet powerful RAT for Windows machines written in .NET.

    ratlimerat

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2