General

  • Target

    03bab0daf2e3285f26ced738fc0fd010404cf07513a2135b9f2fd8f894a15490.exe

  • Size

    442KB

  • Sample

    241122-xrs52ssmek

  • MD5

    48a52bf6785639698f907abd05e40f84

  • SHA1

    6de2644a5742e53fe497be30388e952455833713

  • SHA256

    03bab0daf2e3285f26ced738fc0fd010404cf07513a2135b9f2fd8f894a15490

  • SHA512

    6605fddd77733550bbdbf5772b3718444717c420281ebcb3a3f1fb9155c3ae5aa6cea9c87381a0866fb59098a08397f6c02ac0f11a879265d331e4948d843574

  • SSDEEP

    12288:gO3nzR81/CPPYYg8btjp5lQ6GGb2I+ON3BVHLIcgwazbXkZ:5zO1/mYYg85N5lB2PEzOU

Malware Config

Targets

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Imminent family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks