Overview

overview

10

Static

static

1

df359f8a5a...4c.exe

windows7-x64

10

df359f8a5a...4c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    df359f8a5a078a8a2a50e161db43e5d3f8de16141bbedfa35dd71d5fb659bc4c

  • Size

    577KB

  • Sample

    250117-krdn5szpbp

  • MD5

    5c940e91b72a07ea1103c017511d3e48

  • SHA1

    b00c749cda9f60c34b62066ce82f614956c68e83

  • SHA256

    df359f8a5a078a8a2a50e161db43e5d3f8de16141bbedfa35dd71d5fb659bc4c

  • SHA512

    f4d7f7fe7f832bbafac38dbc71c959cbb141ca4ed126845a1c647467835a0ff0da8d13b338aa7a55bb8effa822bfaaf06d7da75be2273a1c731cbd1467f82b46

  • SSDEEP

    12288:YbD5arFJwK6hMJ6ZzHFZfc28beMGTfZuqb7h:rBJwdhMJ6ZzHrfcsMGTfZ5Ph

Score
10/10
imminentdiscoverypersistencespywaretrojan

Malware Config

Targets

    • Target

      df359f8a5a078a8a2a50e161db43e5d3f8de16141bbedfa35dd71d5fb659bc4c

    • Size

      577KB

    • MD5

      5c940e91b72a07ea1103c017511d3e48

    • SHA1

      b00c749cda9f60c34b62066ce82f614956c68e83

    • SHA256

      df359f8a5a078a8a2a50e161db43e5d3f8de16141bbedfa35dd71d5fb659bc4c

    • SHA512

      f4d7f7fe7f832bbafac38dbc71c959cbb141ca4ed126845a1c647467835a0ff0da8d13b338aa7a55bb8effa822bfaaf06d7da75be2273a1c731cbd1467f82b46

    • SSDEEP

      12288:YbD5arFJwK6hMJ6ZzHFZfc28beMGTfZuqb7h:rBJwdhMJ6ZzHrfcsMGTfZ5Ph

    Score
    10/10
    imminentdiscoverypersistencespywaretrojan

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Imminent family

      imminent

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks