Overview

overview

10

Static

static

3

d28b982f7a...18.exe

windows7-x64

10

d28b982f7a...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d28b982f7a0d90fe9c757bd6df2f5bda_JaffaCakes118

  • Size

    769KB

  • Sample

    240907-ws1qvazarb

  • MD5

    d28b982f7a0d90fe9c757bd6df2f5bda

  • SHA1

    9471e6a12ab32b50ffe823bf79964da83f6c4fd2

  • SHA256

    febd2e70bf3245d28ba9e775c7a06eb16639718d535dfec95cf1e53bbee41cc7

  • SHA512

    8225188fb5ebd4e63c39c1c8142404e0685231cf1968f6dff836ece83ebb6d1389240a694b3fc691db5401e1b82f04deffc5e02c78b4cb55a88b3fdf076107e9

  • SSDEEP

    12288:zDt0L36N9iDuajmAd+I+g1dgYiMHLxTKHhLF+TILQOadjS+:HSL3QiDLd4ID/xHFTKBL0K+

Score
10/10
imminentagilenetdiscoverypersistencespywaretrojan

Malware Config

Targets

    • Target

      d28b982f7a0d90fe9c757bd6df2f5bda_JaffaCakes118

    • Size

      769KB

    • MD5

      d28b982f7a0d90fe9c757bd6df2f5bda

    • SHA1

      9471e6a12ab32b50ffe823bf79964da83f6c4fd2

    • SHA256

      febd2e70bf3245d28ba9e775c7a06eb16639718d535dfec95cf1e53bbee41cc7

    • SHA512

      8225188fb5ebd4e63c39c1c8142404e0685231cf1968f6dff836ece83ebb6d1389240a694b3fc691db5401e1b82f04deffc5e02c78b4cb55a88b3fdf076107e9

    • SSDEEP

      12288:zDt0L36N9iDuajmAd+I+g1dgYiMHLxTKHhLF+TILQOadjS+:HSL3QiDLd4ID/xHFTKBL0K+

    Score
    10/10
    imminentagilenetdiscoverypersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks