Overview

overview

10

Static

static

3

3b603c01ce...ca.exe

windows7-x64

10

3b603c01ce...ca.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3b603c01ce2e49044dd3355cac57e02a049c558a680fa108683af452b7fc53ca.exe

  • Size

    1.6MB

  • Sample

    241118-h6seqswqdk

  • MD5

    1fbedc7b8c82a26cb3776bbc30c48a5c

  • SHA1

    3b6e3f62f1b5c7ba16bb86bcbc4609678e1ba0bf

  • SHA256

    3b603c01ce2e49044dd3355cac57e02a049c558a680fa108683af452b7fc53ca

  • SHA512

    83835506a4b4c8099fcad057250cd852a3385ee9c52f1cbeba538bdbe4d6d0985dffba85d21490a0a13f0e0da47a35a8a0f5ecbac004137299c5fcf1a84eee85

  • SSDEEP

    12288:FS5O2oHOQsPmB73yWuPYHXDJB/g8buYR1wpoaanFC2oe6weFC9VfDPgnXPh8WiBb:FS5O2oJB73yG/giR0oVye4ep6XOjmzhE

Score
10/10
imminentdiscoverypersistencespywaretrojan

Malware Config

Targets

    • Target

      3b603c01ce2e49044dd3355cac57e02a049c558a680fa108683af452b7fc53ca.exe

    • Size

      1.6MB

    • MD5

      1fbedc7b8c82a26cb3776bbc30c48a5c

    • SHA1

      3b6e3f62f1b5c7ba16bb86bcbc4609678e1ba0bf

    • SHA256

      3b603c01ce2e49044dd3355cac57e02a049c558a680fa108683af452b7fc53ca

    • SHA512

      83835506a4b4c8099fcad057250cd852a3385ee9c52f1cbeba538bdbe4d6d0985dffba85d21490a0a13f0e0da47a35a8a0f5ecbac004137299c5fcf1a84eee85

    • SSDEEP

      12288:FS5O2oHOQsPmB73yWuPYHXDJB/g8buYR1wpoaanFC2oe6weFC9VfDPgnXPh8WiBb:FS5O2oJB73yG/giR0oVye4ep6XOjmzhE

    Score
    10/10
    imminentdiscoverypersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Imminent family

      imminent

    • Modifies WinLogon for persistence

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks