Overview

overview

10

Static

static

3

bd6e635eb2...18.exe

windows7-x64

3

bd6e635eb2...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd6e635eb276e8dcb66e112c14454b88_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240619-vpk1jsyhqm

  • MD5

    bd6e635eb276e8dcb66e112c14454b88

  • SHA1

    492ff5a1a1df6fd3522a05ca3dce4263b45250ff

  • SHA256

    88db3859ec12ea8a91a86e58fa3b34a5c2688ba7f61ebd06567213e3e068d0c1

  • SHA512

    155cd73dcc552de4f476898e54244a81adcb7af5821f54ad9f73b9b152a67581ba911ca89efc43a67dfcd7865b2fbd495706615c85cf8115a4e9bfcc613fc3e5

  • SSDEEP

    12288:wM/VGR9lbM/VGR9lHwo+hFMjquAVYh1YBkQQB86+TZW:B/VGe/VGj+hyjFAV4yBk7B8LTZW

Score
10/10
imminentpersistencespywaretrojan

Malware Config

Targets

    • Target

      bd6e635eb276e8dcb66e112c14454b88_JaffaCakes118

    • Size

      1.0MB

    • MD5

      bd6e635eb276e8dcb66e112c14454b88

    • SHA1

      492ff5a1a1df6fd3522a05ca3dce4263b45250ff

    • SHA256

      88db3859ec12ea8a91a86e58fa3b34a5c2688ba7f61ebd06567213e3e068d0c1

    • SHA512

      155cd73dcc552de4f476898e54244a81adcb7af5821f54ad9f73b9b152a67581ba911ca89efc43a67dfcd7865b2fbd495706615c85cf8115a4e9bfcc613fc3e5

    • SSDEEP

      12288:wM/VGR9lbM/VGR9lHwo+hFMjquAVYh1YBkQQB86+TZW:B/VGe/VGj+hyjFAV4yBk7B8LTZW

    Score
    10/10
    imminentpersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks