Overview

overview

10

Static

static

3

6f93266c88...18.exe

windows7-x64

10

6f93266c88...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6f93266c889081b9e855cf7dee21ac46_JaffaCakes118

  • Size

    908KB

  • Sample

    240401-mjsjfaca6w

  • MD5

    6f93266c889081b9e855cf7dee21ac46

  • SHA1

    64e880c2da5643fb68b00f0d00ba5b3eb9773333

  • SHA256

    26a6855a944cf1fea1704b1895b3ecca0f6bc9ff80e02125e4e874e7396dd122

  • SHA512

    cc1d219c1296a567b56a1ac1003494087f9e98c49d3ef8ef3d4fc6e5c6945b13a69d1526d1c27eb2aa795ea44a425a6f7ea3883e1a756b01c1a774f2663e3941

  • SSDEEP

    12288:gTHLJWRQ/izhJ9vzgAYYR/Iu8We84ldBES1xvDxiqq:xRQ/IhYATwu3eVldyEbxiqq

Score
10/10
imminentevasionpersistencespywaretrojan

Malware Config

Targets

    • Target

      6f93266c889081b9e855cf7dee21ac46_JaffaCakes118

    • Size

      908KB

    • MD5

      6f93266c889081b9e855cf7dee21ac46

    • SHA1

      64e880c2da5643fb68b00f0d00ba5b3eb9773333

    • SHA256

      26a6855a944cf1fea1704b1895b3ecca0f6bc9ff80e02125e4e874e7396dd122

    • SHA512

      cc1d219c1296a567b56a1ac1003494087f9e98c49d3ef8ef3d4fc6e5c6945b13a69d1526d1c27eb2aa795ea44a425a6f7ea3883e1a756b01c1a774f2663e3941

    • SSDEEP

      12288:gTHLJWRQ/izhJ9vzgAYYR/Iu8We84ldBES1xvDxiqq:xRQ/IhYATwu3eVldyEbxiqq

    Score
    10/10
    imminentevasionpersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • UAC bypass

      evasiontrojan

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks