General

  • Target

    2846dcd15e566c7e24b7fedf40175efb_JaffaCakes118

  • Size

    1000KB

  • Sample

    240509-ex3bssac8s

  • MD5

    2846dcd15e566c7e24b7fedf40175efb

  • SHA1

    a706ff1fadc17eef2eb9003530f55bad6cd451bd

  • SHA256

    ed4cb28d15f23d17e6d5777f4ffd2eb592aa3dac908cfcd517687c949a3eefd8

  • SHA512

    28a1d9a15688542be5573f44b2322883d0367119dfbf66991cf2acb54826ba693b05e77199e3a84dd822ee66d63049b0ed7530d0728864805932228a5d30d0e6

  • SSDEEP

    12288:ziGcTVBLWtR/8zvMyM8vakGUXxcDjcJ/QvH0kZ4lBGluBuAglW6NFjhBSLx25YAt:OcU0ybykzX0G4H0kylBGlu76J40QY

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks