General

  • Target

    e2aa859c2c58d6de3cfb8f22295b2b2d_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240915-rg5s7sxame

  • MD5

    e2aa859c2c58d6de3cfb8f22295b2b2d

  • SHA1

    0652a55d57ea4060dc68812aa781d12d074601da

  • SHA256

    748bc75a3e179e83538908c7f022327558826b61d2767335d89fed1b51222185

  • SHA512

    a51d9de31c51f1f3ea151d3be0255d7797d3861c98d97b14c793b649ab6f1aa6947201a021cb9d623429100d5b28924a610762ced3979c648478c6b0d5c0afbe

  • SSDEEP

    12288:d6NkudPorJGE5wJGE5pA4QAXDzSml+duSHNdj:dJNyJN83Azb+d3Nx
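
The hash indicators listed above are what an analyst copies into a hunting script. The following is an added example, not part of the sandbox report: it reads a candidate file once, computes all four listed digests from the same bytes, compares them against the report values, and flags the case where only some of the algorithms agree (a sign the IOC list mixes hashes from different files). The IOC values are copied from the report; the file it hashes is constructed placeholder content, not the malware sample, and `ssdeep_block_size` only extracts the block-size prefix, it does not perform a fuzzy comparison.

```python
"""Match a file against the hash indicators of a sandbox report.

Added example, not part of the original report. The IOC values below are
copied from the report; the sample file written by demo() is constructed.
"""
import hashlib
import os
import tempfile

# Indicators copied verbatim from the report's General section.
REPORT_IOCS = {
    "md5": "e2aa859c2c58d6de3cfb8f22295b2b2d",
    "sha1": "0652a55d57ea4060dc68812aa781d12d074601da",
    "sha256": "748bc75a3e179e83538908c7f022327558826b61d2767335d89fed1b51222185",
    "sha512": "a51d9de31c51f1f3ea151d3be0255d7797d3861c98d97b14c793b649ab6f1aa69"
              "47201a021cb9d623429100d5b28924a610762ced3979c648478c6b0d5c0afbe",
}


def hash_file(path, algorithms=("md5", "sha1", "sha256", "sha512"), chunk_size=1 << 20):
    """Read the file once and feed every digest from the same buffer.

    Reports list several algorithms for one sample; hashing in a single pass
    keeps large files cheap and guarantees all digests describe the same
    bytes (no race with a file that is rewritten while the scan runs).
    """
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def match_iocs(observed, iocs):
    """Compare observed digests with the report's digests.

    Returns (verdict, matched_algorithms) where verdict is one of:
      "match"               every algorithm present in both agrees
      "no_match"            none agree
      "inconsistent"        some agree, some do not: the IOC list mixes hashes
                            of different files or was edited; re-verify before
                            acting on it
      "no_common_algorithm" nothing to compare
    """
    common = [alg for alg in iocs if alg in observed]
    matched = [alg for alg in common if observed[alg].lower() == iocs[alg].lower()]
    if not common:
        return "no_common_algorithm", matched
    if len(matched) == len(common):
        return "match", matched
    if matched:
        return "inconsistent", matched
    return "no_match", matched


def ssdeep_block_size(signature):
    """Return the block-size prefix of an ssdeep signature (e.g. 12288).

    ssdeep only compares signatures whose block sizes are equal or differ by
    a factor of two, so this is the first filter to apply before pulling in
    the ssdeep library for a real fuzzy comparison.
    """
    return int(signature.split(":", 1)[0])


def demo():
    """Hash a constructed placeholder file and check it against the IOCs."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"MZ constructed placeholder content, not the real sample\n")
        path = tmp.name
    try:
        observed = hash_file(path)
        verdict, matched = match_iocs(observed, REPORT_IOCS)
        print(f"{path}: {verdict} {matched}")
        return verdict
    finally:
        os.unlink(path)


if __name__ == "__main__":
    demo()
```

Run it against a real suspect file by replacing the temporary file in `demo()` with the path under investigation; a `match` verdict on all four algorithms is the only result that should be treated as a confirmed hit.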

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan built on the Imminent Monitor remote administration tool.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check that decides whether the sample runs on this host.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks