General

  • Target

    3a953da50bb2efad589b0f37442ea696_JaffaCakes118

  • Size

    664KB

  • Sample

    240512-rs412sde44

  • MD5

    3a953da50bb2efad589b0f37442ea696

  • SHA1

    1d3818f6e7682b59116aa99483a42e1589c1cd92

  • SHA256

    bbcc1239e936c0fab9f67dbd6013fe301eaae1833d153ecdb2824ea6274014ea

  • SHA512

    381be4093996457274b9cf23badfc452a777dd80cf050c83d979dc9cd2cea9b5b55573552d4d1992124e0740c81c97ee76f5c0e5665731a8a4afd858b8c31360

  • SSDEEP

    12288:n1JOe82836fgbmBUX+jC+uZ9Vq6P1SdVFdbaJUCHDuINrHmkp0cfT:OlPqfgbmeaC+uR5EVFdbaJUC68q9

Targets

    • Imminent RAT

      Remote-access trojan based on the Imminent Monitor remote administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15