General

  • Target

    c5d113e1f4e719d4298bae662ff1eb07

  • Size

    583KB

  • Sample

    240315-14qr8scc31

  • MD5

    c5d113e1f4e719d4298bae662ff1eb07

  • SHA1

    23fdaa69f26986ca548d02f910495785d4790798

  • SHA256

    91e3a85c7f25297f921a6b0927998aea5085a5f9d09a8945360afb03bf60cf20

  • SHA512

    b1d2666c56f4168141164831de8b65c049e3bcc0dcb185fb4b3572d745f24ee92fad66bb8d40fa20a3fa9d9d086a55f34d7ef3b682771d2625bf7c86b1fc0ef4

  • SSDEEP

    12288:v4aHAKg35BTIdTeB1/TVLIbunEplJyH8FUxcjolbPP/czodz75Dj:1g35WA/pIbbJdwbPP/E4

Score
10/10

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext
