General

  • Target

    d70aff28f5214470d0304a937c0bf7a9

  • Size

    647KB

  • Sample

    240319-y9zwzsef99

  • MD5

    d70aff28f5214470d0304a937c0bf7a9

  • SHA1

    5cb1ef5c6839a60354fddc414a11cc41db2d31e8

  • SHA256

    f8e15aed8f0dbb50430567161ad19fd6fb0554b49682ddb40c905ddb4d166f66

  • SHA512

    43c3e2c43209a1c264a4eb80d9c0765677f19ec6b0888aa5e951cea977fe4d7e2714345413848c2ac21a35720945b2cb9fce0466069e3850e5d6689010b28e7c

  • SSDEEP

    12288:9dzmboLo3Q4GWVFTMNDyq8W/sAhOBaKW5IcvBz1ZlF5UFGuookWvxV6hFgagP:91lch1FoNWtWkAWaNIMxvhKaA

Targets

    • Target

      d70aff28f5214470d0304a937c0bf7a9

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
