General

  • Target

    894737078b3cd6b44f6f4d6db828bee8_JaffaCakes118

  • Size

    523KB

  • Sample

    240601-ecnb5sgh41

  • MD5

    894737078b3cd6b44f6f4d6db828bee8

  • SHA1

    c618cb2da208066781f6644326077863d2688cb2

  • SHA256

    e0ce0775b5ba31db0f90d90d4c56c78a5bd7bacfdb77a616e22f41695862527e

  • SHA512

    6e055815bb256ce85884be07da847738f2cd5374ac862414a10de6bb956919fb8d5f3027c773392cc3765c1bef34a9acb9c438cafd339e0fd853caf314f6eb07

  • SSDEEP

    12288:oQJkMqtWvQB95/Zxc4WHqJjd/vfMzAhzWYJ9X6z4MOig:S0yfai3MkVJa4Bx

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks