General

  • Target

    322597f76541eac0f3e380d1795fcdfa_JaffaCakes118

  • Size

    338KB

  • Sample

    240511-cdqgsaeh9s

  • MD5

    322597f76541eac0f3e380d1795fcdfa

  • SHA1

    abfe0bc3dc130aba0089aef3e0589d1d79040cb6

  • SHA256

    be168b4be501e534364a3a3430f379298d364801e484cf6cf54cd76e06a50872

  • SHA512

    2c553a84615e3881aaadda40dcea10f66754e7df48e1ccafe4b1aab148d3d48c48e6898fddc523d92cc460d05d61392c837ff9e6583316d6fa16484c2eb10e18

  • SSDEEP

    6144:BL02q/7C0iXsqjrnIehtfvK5Jn6JN4PNOYXrIDWyyYW96dB:B3MCx8qjrIaleJnS+N7XEWtYc6D

Targets

    • Target

      322597f76541eac0f3e380d1795fcdfa_JaffaCakes118

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)
