General
-
Target
AIMr.exe
-
Size
7.2MB
-
Sample
240626-hpf1da1dqf
-
MD5
adcd61646dd9ee3238279ff36dc0e88e
-
SHA1
8c679e249394af001e72225dd866a9f6c0ab3bda
-
SHA256
481865d699e7b4dc3c160e33181f4d2a82067d2d03dd661e0c8fbe047e9f283c
-
SHA512
a52f4dba45a9cde8754ee01224e4d39b22b78edf4ed1e78715dc75e1c4fbd055880b86c7dce2a8441c278b9237ec80312ebe2b8e0125e557c10138384fde3b4f
-
SSDEEP
196608:EnF9x2vX0yELU+poLlRo6hgs41EcHv2SE8LAPHnYG:G9xGX0yMU+aLlRo6d4ug7S4G
Behavioral task
behavioral1
Sample
AIMr.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
AIMr.exe
-
Score
8/10
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Boot or Logon Autostart Execution: Print Processors
Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Modifies termsrv.dll
Commonly used to allow simultaneous RDP sessions.
-