Overview

overview

10

Static

static

3

JaffaCakes...b4.exe

windows7-x64

10

JaffaCakes...b4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_dde3ef9c2300ebec4b5fac503ab5acb4

  • Size

    908KB

  • Sample

    250110-hvm1waymcj

  • MD5

    dde3ef9c2300ebec4b5fac503ab5acb4

  • SHA1

    87638ce4b31891a5e66b2482b7b0c1e2faddf7e4

  • SHA256

    1af076d3e8324da6ef21fa16c24aacdb316af29d66aab0f3ab336680ecb8c1e0

  • SHA512

    c94ecb5e47c928f33084721bc8fb6a689cbf1a5efba130b902562fa06174dee14ee8794d852d624a483c1a121e7953c2512d297cb8fb02939065e65d3c546b50

  • SSDEEP

    12288:QqjqRBa80gi+TCUQpd6KA26mY6nltHnhm9FXRt:QwqN0gi+TCUQvHEFX3

Score
10/10
imminentdiscoverypersistencespywaretrojan

Malware Config

Targets

    • Target

      JaffaCakes118_dde3ef9c2300ebec4b5fac503ab5acb4

    • Size

      908KB

    • MD5

      dde3ef9c2300ebec4b5fac503ab5acb4

    • SHA1

      87638ce4b31891a5e66b2482b7b0c1e2faddf7e4

    • SHA256

      1af076d3e8324da6ef21fa16c24aacdb316af29d66aab0f3ab336680ecb8c1e0

    • SHA512

      c94ecb5e47c928f33084721bc8fb6a689cbf1a5efba130b902562fa06174dee14ee8794d852d624a483c1a121e7953c2512d297cb8fb02939065e65d3c546b50

    • SSDEEP

      12288:QqjqRBa80gi+TCUQpd6KA26mY6nltHnhm9FXRt:QwqN0gi+TCUQvHEFX3

    Score
    10/10
    imminentdiscoverypersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Imminent family

      imminent

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks