General

  • Target

    4b67a5c9f3cbc26fa1ba8c4a6c2b0887_JaffaCakes118

  • Size

    810KB

  • Sample

    240516-q534vafg4x

  • MD5

    4b67a5c9f3cbc26fa1ba8c4a6c2b0887

  • SHA1

    3410210a6d871de4bfd19be3d94d4f10c3b249c7

  • SHA256

    24570b42b7079c0ad8209a2eac73ed4aec5583db877a993cb0389b043ae77f44

  • SHA512

    4817508046ca2b17768fc6e146aded9a87fac5c051609e4fb856407fb1816c57b5fb13c3f3bbf7bac2fde9020b2669e0f2bd4b4dbce9259353f3b13515d700f9

  • SSDEEP

    12288:87T4g2tq0LUNZy75m95NqSTZ7Cb7mlJLJPFz:834g2XUg5WNq0UaLJP5

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks