General

  • Target

    8525ab3227cb41306d82cbd390cab141

  • Size

    404KB

  • Sample

    240131-1kfsxsehbm

  • MD5

    8525ab3227cb41306d82cbd390cab141

  • SHA1

    3e14d294f95e08717750efac1ea3c9e0eb85f0f9

  • SHA256

    c3ceea0c8c8a83004ca4c766d31db127a0e4cab20c234d7c1875774623d81509

  • SHA512

    7c752c173595e870a484ae9d3633304a0b6a798da10b89adc37d100d3ca269c6ec1a21afc0555cf47b3a2cf63a990ac63dce5ececfa15c20a5f1bbb5e30c600d

  • SSDEEP

    6144:0B092WTUJLAg5FJ0qaAGcpdtlbRG3SU3gjy+3iw/MCTWfyL9fRaw4tUS1WiCHms:MTxAgAcpdVOSAgm+SOSfyL9fMw4tQ

Malware Config

Targets

    • Target

      8525ab3227cb41306d82cbd390cab141

    • Size

      404KB

    • MD5

      8525ab3227cb41306d82cbd390cab141

    • SHA1

      3e14d294f95e08717750efac1ea3c9e0eb85f0f9

    • SHA256

      c3ceea0c8c8a83004ca4c766d31db127a0e4cab20c234d7c1875774623d81509

    • SHA512

      7c752c173595e870a484ae9d3633304a0b6a798da10b89adc37d100d3ca269c6ec1a21afc0555cf47b3a2cf63a990ac63dce5ececfa15c20a5f1bbb5e30c600d

    • SSDEEP

      6144:0B092WTUJLAg5FJ0qaAGcpdtlbRG3SU3gjy+3iw/MCTWfyL9fRaw4tUS1WiCHms:MTxAgAcpdVOSAgm+SOSfyL9fMw4tQ

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check so the payload only runs (or refuses to run) in certain countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
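The behaviours flagged above (registry country-code lookup, dropped EXE/DLL, Run-key persistence, SetThreadContext on a suspended child) can be recovered from an API-call trace with a few stateful rules. The script below is an added example, not part of this report or of the sandbox that produced it. It assumes a constructed JSON-lines trace format (one call per line with "pid", "api" and "args"); the records in TRACE are made up to exercise each rule and are not the real trace of this sample. The registry key used for the geofence rule (Control Panel\International\Geo, value Nation) is an assumption about where the country code is read from; the report only says "the registry".

```python
"""Behavioural triage over a constructed API-call trace (added example)."""
import json
import re

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Assumed location of the configured country code (not stated in the report).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)
WRITE_APIS = {"NtWriteFile", "WriteFile"}

# Constructed trace: invented for this example, not captured from the sample.
TRACE = r"""
{"pid": 1000, "api": "RegQueryValueExW", "args": {"key": "HKCU\\Control Panel\\International\\Geo", "value": "Nation"}}
{"pid": 1000, "api": "NtWriteFile", "args": {"path": "C:\\Users\\u\\AppData\\Local\\Temp\\svchost.exe"}}
{"pid": 1000, "api": "NtWriteFile", "args": {"path": "C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll"}}
{"pid": 1000, "api": "CreateProcessW", "args": {"image": "C:\\Users\\u\\AppData\\Local\\Temp\\svchost.exe", "flags": 0, "child_pid": 1200}}
{"pid": 1200, "api": "LoadLibraryW", "args": {"path": "C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll"}}
{"pid": 1200, "api": "RegSetValueExW", "args": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "Updater", "data": "C:\\Users\\u\\AppData\\Local\\Temp\\svchost.exe"}}
{"pid": 1200, "api": "CreateProcessW", "args": {"image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe", "flags": 4, "child_pid": 1300}}
{"pid": 1200, "api": "NtWriteVirtualMemory", "args": {"target_pid": 1300}}
{"pid": 1200, "api": "SetThreadContext", "args": {"target_pid": 1300}}
{"pid": 1200, "api": "ResumeThread", "args": {"target_pid": 1300}}
"""


def parse_trace(text):
    """Parse JSON-lines trace text into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(events):
    """Return human-readable findings, in trace order, for the five behaviours."""
    findings = []
    dropped = set()       # lower-cased paths this process tree wrote to disk
    suspended = {}        # child_pid -> creator pid for CREATE_SUSPENDED children
    context_set = set()   # suspended children whose thread context was rewritten
    for ev in events:
        api, pid, a = ev["api"], ev["pid"], ev.get("args", {})
        if api in WRITE_APIS:
            dropped.add(a["path"].lower())
        elif api == "RegQueryValueExW" and GEO_KEY_RE.search(a.get("key", "")):
            findings.append(f"pid {pid}: checks computer location settings ({a.get('value')})")
        elif api == "RegSetValueExW" and RUN_KEY_RE.search(a.get("key", "")):
            findings.append(f"pid {pid}: adds Run key {a.get('value')} -> {a.get('data')}")
        elif api == "CreateProcessW":
            if a["image"].lower() in dropped:
                findings.append(f"pid {pid}: executes dropped EXE {a['image']}")
            if a.get("flags", 0) & CREATE_SUSPENDED:
                suspended[a["child_pid"]] = pid
        elif api == "LoadLibraryW" and a["path"].lower() in dropped:
            findings.append(f"pid {pid}: loads dropped DLL {a['path']}")
        elif api == "SetThreadContext" and suspended.get(a.get("target_pid")) == pid:
            # Only the creator rewriting its own suspended child's context counts.
            context_set.add(a["target_pid"])
        elif api == "ResumeThread" and a.get("target_pid") in context_set:
            findings.append(f"pid {pid}: suspicious use of SetThreadContext on suspended "
                            f"child {a['target_pid']} (process hollowing pattern)")
    return findings


if __name__ == "__main__":
    for line in triage(parse_trace(TRACE)):
        print(line)
```

The SetThreadContext rule deliberately requires the full sequence (CREATE_SUSPENDED child, SetThreadContext from the creator, then ResumeThread) rather than firing on the API alone, since debuggers and some legitimate runtimes also call SetThreadContext; the dropped-file rules only match paths the traced process tree itself wrote, so pre-existing binaries in Temp do not trigger them.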

MITRE ATT&CK Enterprise v15

Tasks