General

  • Target

    9e81c23eef28a75c414b66dda2de9e87_JaffaCakes118

  • Size

    781KB

  • Sample

    240611-rszfkazfjg

  • MD5

    9e81c23eef28a75c414b66dda2de9e87

  • SHA1

    b3f70aaaab6da464c4398512132d52c96e4b68f0

  • SHA256

    69a1636aafb49713f5a0ec12b93b4fbb0a715926749923750e705f6b9d78d576

  • SHA512

    adfc44d8bf4ae381912894ae499e8ee7706e0ba938ac2d0538af966062b31a95c985bdbc5d12175e5c8b3eb143e0dfabfeb85c4608a7f4ad18856cf71950a254

  • SSDEEP

    12288:tZ62ZEAs+tzTPiNeqovCwg72DLnjya44SUCn:tZ5ZEr+BTKNeNE72fjya+UI

Targets

    • Target

      9e81c23eef28a75c414b66dda2de9e87_JaffaCakes118

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
