General
-
Target
cea4d368cc5fc909f7c463bfed21f0bfb414e962e16b05b50e87ce2f99ed05b9
-
Size
945KB
-
Sample
241102-sz1gwaxpbs
-
MD5
65933fc5ababf37ea89636f4ed794390
-
SHA1
3cd5fffd6dcd46a604816dc102e38fe0adc38d0a
-
SHA256
cea4d368cc5fc909f7c463bfed21f0bfb414e962e16b05b50e87ce2f99ed05b9
-
SHA512
7999ba1ee15ff61e539fbf1f7a69cac3b87592b320ad689f1d4833e5421b7e14588783dbd8340beb7bee91309185fde446bed5fd82ab74796a7140897e35ca6c
-
SSDEEP
12288:ZSukudPo0VOVtyfVOfH7nISJuXCvMy8SWjjk:ZS8NOfH7ISJy0mxjjk
Malware Config
Targets
-
-
Target
cea4d368cc5fc909f7c463bfed21f0bfb414e962e16b05b50e87ce2f99ed05b9
-
Size
945KB
-
MD5
65933fc5ababf37ea89636f4ed794390
-
SHA1
3cd5fffd6dcd46a604816dc102e38fe0adc38d0a
-
SHA256
cea4d368cc5fc909f7c463bfed21f0bfb414e962e16b05b50e87ce2f99ed05b9
-
SHA512
7999ba1ee15ff61e539fbf1f7a69cac3b87592b320ad689f1d4833e5421b7e14588783dbd8340beb7bee91309185fde446bed5fd82ab74796a7140897e35ca6c
-
SSDEEP
12288:ZSukudPo0VOVtyfVOfH7nISJuXCvMy8SWjjk:ZS8NOfH7ISJy0mxjjk
Score10/10-
Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
-
Imminent family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-