Overview

overview

10

Static

static

3

cba8754ae5...8c.exe

windows7-x64

10

cba8754ae5...8c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cba8754ae5785da5d3da05cd5fb3d52b77729c64ddb86cd0c79831b8ad75a28c.exe

  • Size

    908KB

  • Sample

    241123-e2ndfavjfp

  • MD5

    b4a1a136d4f08945c12f170963337a25

  • SHA1

    0635813b35f5a9698d36ce74afacfdf79bba2a69

  • SHA256

    cba8754ae5785da5d3da05cd5fb3d52b77729c64ddb86cd0c79831b8ad75a28c

  • SHA512

    ab207b9fbcd4ebe47aeee598fc9ca8871b6ce3ebc28c31e065577a25cda65ceeb9bc3931204f26a7561c1b3c570852edf01a4fa96eb5c8d0bc835eb6bd46460c

  • SSDEEP

    12288:QqjqRBa80gi+TCUQpd6KA26mY6nltHnhm9FXRJ:QwqN0gi+TCUQvHEFXH

Score
10/10
imminentdiscoverypersistencespywaretrojan

Malware Config

Targets

    • Target

      cba8754ae5785da5d3da05cd5fb3d52b77729c64ddb86cd0c79831b8ad75a28c.exe

    • Size

      908KB

    • MD5

      b4a1a136d4f08945c12f170963337a25

    • SHA1

      0635813b35f5a9698d36ce74afacfdf79bba2a69

    • SHA256

      cba8754ae5785da5d3da05cd5fb3d52b77729c64ddb86cd0c79831b8ad75a28c

    • SHA512

      ab207b9fbcd4ebe47aeee598fc9ca8871b6ce3ebc28c31e065577a25cda65ceeb9bc3931204f26a7561c1b3c570852edf01a4fa96eb5c8d0bc835eb6bd46460c

    • SSDEEP

      12288:QqjqRBa80gi+TCUQpd6KA26mY6nltHnhm9FXRJ:QwqN0gi+TCUQvHEFXH

    Score
    10/10
    imminentdiscoverypersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Imminent family

      imminent

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks