General

  • Target

    5254548426fabd56ac93ac853a416d42_JaffaCakes118

  • Size

    887KB

  • Sample

    240518-a7abjsca2y

  • MD5

    5254548426fabd56ac93ac853a416d42

  • SHA1

    9bef9b9c3ae82c8ab195e6ac025b9af3f10ef338

  • SHA256

    0e88c6fb0ee6e6f4312720edf7f2268986cf30a7bbe5ddec96547c3bd1d12349

  • SHA512

    f8f5301ce64a1c29fc46c606fe0137ffe00a358069eb3f52f8361079ea18cec0301d9c472dabce117f702e74a17cbd63321c111094e063a2d2e3cec092af13f1

  • SSDEEP

    24576:AZEwvy6JFxYi2FS7O36LDHL1thNGkVtG:AZp9FL719Uke

Targets

    • Target

      5254548426fabd56ac93ac853a416d42_JaffaCakes118

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
