Overview

overview

10

Static

static

1

ba06b22201...fd.exe

windows7-x64

10

ba06b22201...fd.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ba06b222017d418654978a57d33ea040b6fb1542c25fe8b7edf30411e2576ffd

  • Size

    577KB

  • Sample

    250109-hvgh4asncw

  • MD5

    c35622ca605dc19d1adad601b49bb567

  • SHA1

    1d816c611fba6121092409aa4cc5a2bfdf3b992f

  • SHA256

    ba06b222017d418654978a57d33ea040b6fb1542c25fe8b7edf30411e2576ffd

  • SHA512

    86e6ded7ec40ffac36667a976578e3e810a0db3d257beae6c4ad94281f2f09447f1b32b41ad0b544d37ec9f494a6a8b3a02c69d021dc8c486992b41cc671894e

  • SSDEEP

    12288:YbD5arFJwK6hMJ6ZzHFZfc28beMGTfZuqb7t:rBJwdhMJ6ZzHrfcsMGTfZ5Pt

Score
10/10
imminentdiscoverypersistencespywaretrojan

Malware Config

Targets

    • Target

      ba06b222017d418654978a57d33ea040b6fb1542c25fe8b7edf30411e2576ffd

    • Size

      577KB

    • MD5

      c35622ca605dc19d1adad601b49bb567

    • SHA1

      1d816c611fba6121092409aa4cc5a2bfdf3b992f

    • SHA256

      ba06b222017d418654978a57d33ea040b6fb1542c25fe8b7edf30411e2576ffd

    • SHA512

      86e6ded7ec40ffac36667a976578e3e810a0db3d257beae6c4ad94281f2f09447f1b32b41ad0b544d37ec9f494a6a8b3a02c69d021dc8c486992b41cc671894e

    • SSDEEP

      12288:YbD5arFJwK6hMJ6ZzHFZfc28beMGTfZuqb7t:rBJwdhMJ6ZzHrfcsMGTfZ5Pt

    Score
    10/10
    imminentdiscoverypersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Imminent family

      imminent

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks