Overview

overview

10

Static

static

1

b9be4f60db...fa.exe

windows7-x64

10

b9be4f60db...fa.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b9be4f60dbefd02d25ebd66ba363ee9421c3be6f60fd7272a0946ebc18104dfa

  • Size

    577KB

  • Sample

    250117-hqfq1awqal

  • MD5

    315f07320e3d2e5100663f5af9bf13d2

  • SHA1

    821dc2ebfd26906c487442e15f25214445facc82

  • SHA256

    b9be4f60dbefd02d25ebd66ba363ee9421c3be6f60fd7272a0946ebc18104dfa

  • SHA512

    26a40b3cd871db77be2fb699b1fdbf2529bad895e6e267f5e32d78222de3e0d547eb112c57b41c86b4037d36185fa83f879eb7832e63f38eef82c1cbd370518d

  • SSDEEP

    12288:YbD5arFJwK6hMJ6ZzHFZfc28beMGTfZuqb7J:rBJwdhMJ6ZzHrfcsMGTfZ5PJ

Score
10/10
imminentdiscoverypersistencespywaretrojan

Malware Config

Targets

    • Target

      b9be4f60dbefd02d25ebd66ba363ee9421c3be6f60fd7272a0946ebc18104dfa

    • Size

      577KB

    • MD5

      315f07320e3d2e5100663f5af9bf13d2

    • SHA1

      821dc2ebfd26906c487442e15f25214445facc82

    • SHA256

      b9be4f60dbefd02d25ebd66ba363ee9421c3be6f60fd7272a0946ebc18104dfa

    • SHA512

      26a40b3cd871db77be2fb699b1fdbf2529bad895e6e267f5e32d78222de3e0d547eb112c57b41c86b4037d36185fa83f879eb7832e63f38eef82c1cbd370518d

    • SSDEEP

      12288:YbD5arFJwK6hMJ6ZzHFZfc28beMGTfZuqb7J:rBJwdhMJ6ZzHrfcsMGTfZ5PJ

    Score
    10/10
    imminentdiscoverypersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Imminent family

      imminent

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks