Overview

overview

10

Static

static

1

ed331cc5de...3b.exe

windows7-x64

10

ed331cc5de...3b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ed331cc5de77ff8b729fc281fbbadb2922ada61eba94671ff8db0fe77d67983b

  • Size

    577KB

  • Sample

    250110-ltbg8stjhl

  • MD5

    d9f332f5bca54d609b4fd2ecaa4eb6c4

  • SHA1

    d6e40d4fd5d5d7db9ec33e0081c0a63e9fb5a641

  • SHA256

    ed331cc5de77ff8b729fc281fbbadb2922ada61eba94671ff8db0fe77d67983b

  • SHA512

    60d7c4feea52940dd1b8321ecc7233a7b3fafa194a87a7b139473a8f0ff5ce563b1cf271f4777e4238e70cf6e4b2f3eb0390fade270b5c1382dadf6e393e942c

  • SSDEEP

    12288:YbD5arFJwK6hMJ6ZzHFZfc28beMGTfZuqb7K:rBJwdhMJ6ZzHrfcsMGTfZ5PK

Score
10/10
imminentdiscoverypersistencespywaretrojan

Malware Config

Targets

    • Target

      ed331cc5de77ff8b729fc281fbbadb2922ada61eba94671ff8db0fe77d67983b

    • Size

      577KB

    • MD5

      d9f332f5bca54d609b4fd2ecaa4eb6c4

    • SHA1

      d6e40d4fd5d5d7db9ec33e0081c0a63e9fb5a641

    • SHA256

      ed331cc5de77ff8b729fc281fbbadb2922ada61eba94671ff8db0fe77d67983b

    • SHA512

      60d7c4feea52940dd1b8321ecc7233a7b3fafa194a87a7b139473a8f0ff5ce563b1cf271f4777e4238e70cf6e4b2f3eb0390fade270b5c1382dadf6e393e942c

    • SSDEEP

      12288:YbD5arFJwK6hMJ6ZzHFZfc28beMGTfZuqb7K:rBJwdhMJ6ZzHrfcsMGTfZ5PK

    Score
    10/10
    imminentdiscoverypersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Imminent family

      imminent

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks