General

  • Target

    b47f3d5e5b7be1b28fdb0dcc185061f9_JaffaCakes118

  • Size

    622KB

  • Sample

    240616-wsajnavfll

  • MD5

    b47f3d5e5b7be1b28fdb0dcc185061f9

  • SHA1

    981b504aba2258b65019757c57bd270b08e8f962

  • SHA256

    c74f3db633c69c1e7ddd1ece82f8592d57ca06047fe6ea1217492478301ca31d

  • SHA512

    0fe976b4ec394389be354669279cd514b013e702be7f23bbf09f496ed831002121dd7a550bec857ac1bac400342dca38fa449707a985438516c34b92be793c9c

  • SSDEEP

    12288:lrI+ROTnXPCbnU/MK09Pc79+n9v21wR6:lVsTnX4U0fPcJid21Q6

Malware Config

Targets

    • Target

      b47f3d5e5b7be1b28fdb0dcc185061f9_JaffaCakes118

    • Size

      622KB

    • MD5

      b47f3d5e5b7be1b28fdb0dcc185061f9

    • SHA1

      981b504aba2258b65019757c57bd270b08e8f962

    • SHA256

      c74f3db633c69c1e7ddd1ece82f8592d57ca06047fe6ea1217492478301ca31d

    • SHA512

      0fe976b4ec394389be354669279cd514b013e702be7f23bbf09f496ed831002121dd7a550bec857ac1bac400342dca38fa449707a985438516c34b92be793c9c

    • SSDEEP

      12288:lrI+ROTnXPCbnU/MK09Pc79+n9v21wR6:lVsTnX4U0fPcJid21Q6

    • Imminent RAT

      Remote-access trojan based on the Imminent Monitor remote administration software.

    • Checks computer location settings

      Reads the country code configured in the registry (the system's Geo/locale setting), most likely to geofence: refuse to run, or change behaviour, in particular countries.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Persistence: writes a value under a ...\CurrentVersion\Run key so the payload is launched again at logon.

    • Suspicious use of SetThreadContext

      Changing the context of a thread in another process (typically one created suspended) is a hallmark of process hollowing and related code-injection techniques.

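The signatures above are the sandbox's behavioural verdicts, not the raw evidence. As an added example (not part of this report and not the sandbox's own detection code), the script below shows what each of the listed signatures is keyed on by running a small rule set over a constructed, sandbox-style event trace. The event tuples, file paths, registry paths (the Geo\Nation location value, the CurrentVersion\Run persistence key) and the CREATE_SUSPENDED / WriteProcessMemory / SetThreadContext / ResumeThread sequence are all assumptions chosen to illustrate typical behaviour; they are not data recorded for this sample.

```python
"""
Added illustration, not the sandbox's code: map sandbox-style events onto the
behaviour signatures listed in the report above.

Every event below is constructed; registry paths and the API sequence are
assumptions about typical behaviour, not observations from this sample.
"""
import re

# Constructed trace: (pid, event_type, detail).  The sample runs as pid 1234,
# the hollowed child as pid 5678.
SAMPLE_TRACE = [
    (1234, "reg_query", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
    (1234, "file_write", r"C:\Users\victim\AppData\Roaming\svchost32.exe"),
    (1234, "file_write", r"C:\Users\victim\AppData\Roaming\helper.dll"),
    (1234, "create_process", r"C:\Users\victim\AppData\Roaming\svchost32.exe flags=CREATE_SUSPENDED"),
    (1234, "api", "NtUnmapViewOfSection"),
    (1234, "api", "WriteProcessMemory"),
    (1234, "api", "SetThreadContext"),
    (1234, "api", "ResumeThread"),
    (5678, "load_library", r"C:\Users\victim\AppData\Roaming\helper.dll"),
    (5678, "reg_set", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Update = C:\Users\victim\AppData\Roaming\svchost32.exe"),
    (1234, "create_process", r'cmd.exe /c ping 127.0.0.1 -n 3 & del "C:\Users\victim\Downloads\sample.exe"'),
]

# Assumed location of the configured country code (GeoID / locale name).
GEO_RE = re.compile(r"\\Control Panel\\International\\(Geo\\Nation|Geo\\Name|LocaleName)$", re.IGNORECASE)
# Any write under a Run / RunOnce key counts as logon persistence.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# "del <path>" inside a command line, with or without quotes.
DEL_RE = re.compile(r"\bdel\b\s+\"?([^\"&]+?)\"?\s*(&|$)", re.IGNORECASE)

SIGNATURES = (
    "Checks computer location settings",
    "Deletes itself",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Adds Run key to start application",
    "Suspicious use of SetThreadContext",
)


def analyze(trace, sample_path):
    """Return {signature name: [evidence strings]} for a list of events."""
    hits = {name: [] for name in SIGNATURES}
    dropped = set()     # lower-cased paths written to disk by any monitored process
    suspended = {}      # pid -> image path of the child it created CREATE_SUSPENDED

    for pid, kind, detail in trace:
        if kind == "reg_query" and GEO_RE.search(detail):
            hits["Checks computer location settings"].append(detail)
        elif kind == "file_write":
            dropped.add(detail.lower())
        elif kind == "create_process":
            target = detail.split(" flags=")[0]
            # Dropped file executed: we saw it written, now it is launched.
            if target.lower().endswith(".exe") and target.lower() in dropped:
                hits["Executes dropped EXE"].append(target)
            # Remember suspended children: the usual first step of hollowing.
            if "CREATE_SUSPENDED" in detail:
                suspended[pid] = target
            # Self-deletion: a shell command that deletes the sample's own path.
            m = DEL_RE.search(detail)
            if m and m.group(1).strip().lower() == sample_path.lower():
                hits["Deletes itself"].append(detail)
        elif kind == "load_library" and detail.lower().endswith(".dll") and detail.lower() in dropped:
            hits["Loads dropped DLL"].append(detail)
        elif kind == "reg_set" and RUN_KEY_RE.search(detail):
            hits["Adds Run key to start application"].append(detail)
        elif kind == "api" and detail == "SetThreadContext" and pid in suspended:
            # SetThreadContext by the parent of a still-suspended child.
            hits["Suspicious use of SetThreadContext"].append(
                f"pid {pid} rewrote thread context of suspended child {suspended[pid]}")
    return hits


def triggered(trace, sample_path):
    """Names of the signatures that fired, in report order."""
    hits = analyze(trace, sample_path)
    return [name for name in SIGNATURES if hits[name]]


if __name__ == "__main__":
    for name, evidence in analyze(SAMPLE_TRACE, r"C:\Users\victim\Downloads\sample.exe").items():
        print(name, "->", evidence)
```

The point of the correlation state (`dropped`, `suspended`) is that several of these signatures are not single-event matches: "Executes dropped EXE" needs the write and the launch, and the SetThreadContext verdict is only interesting when the caller itself created the suspended target. A hunt query built from this report should carry the same joins rather than alerting on any SetThreadContext call.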
MITRE ATT&CK Enterprise v15

Tasks