General
-
Target
f7eb9a41fb41fa7e5b992a75879c71e7_JaffaCakes118
-
Size
718KB
-
Sample
240926-jvmksawcmn
-
MD5
f7eb9a41fb41fa7e5b992a75879c71e7
-
SHA1
322aeec3f69febacb5a5094606e854fd61b08e3b
-
SHA256
c430529936d9ff03e632a56933e83da71892dcf5679183c36e67713113968cd1
-
SHA512
cbc3642352f71d17e031cfb898949eff34cc549fc9688318fc25ee583d2af6dee8f520c0dfb0266dd6ce368d2ca2af0d5e3427999815bf4326737e79252e93ed
-
SSDEEP
12288:7KlvNdLZmmFXJ7rq8ABnpGxEoiZO+0pNrI6md1AxL4316iX5jQyUDpKRe:uA4rSn8H+070t1CK1hq9DpKA
Malware Config
Targets
-
-
Target
f7eb9a41fb41fa7e5b992a75879c71e7_JaffaCakes118
-
Size
718KB
-
MD5
f7eb9a41fb41fa7e5b992a75879c71e7
-
SHA1
322aeec3f69febacb5a5094606e854fd61b08e3b
-
SHA256
c430529936d9ff03e632a56933e83da71892dcf5679183c36e67713113968cd1
-
SHA512
cbc3642352f71d17e031cfb898949eff34cc549fc9688318fc25ee583d2af6dee8f520c0dfb0266dd6ce368d2ca2af0d5e3427999815bf4326737e79252e93ed
-
SSDEEP
12288:7KlvNdLZmmFXJ7rq8ABnpGxEoiZO+0pNrI6md1AxL4316iX5jQyUDpKRe:uA4rSn8H+070t1CK1hq9DpKA
Score10/10-
Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1