General
-
Target
62f6fad0fda5914ffe98a696b39d2664_JaffaCakes118
-
Size
587KB
-
Sample
240521-mhkr7sab8w
-
MD5
62f6fad0fda5914ffe98a696b39d2664
-
SHA1
622fbba68efba634088a783ebb7e6e931f7ecd9f
-
SHA256
4ebe663b8181a37b172efded649a5ac0f61a0bfa570737c9dda3464e7d3654a0
-
SHA512
484bb8cbacc9907dd3ae9b8922af5169f4ad44385318f193aaf639404cc483aedad3ec9805188ca0bab9206f3538ef04848476206777e8152c21863d66265644
-
SSDEEP
12288:teR05v6rCmKni142PLmjcrRFTu6VsMSnbtg/nQEUHkk/:Sbqnl2PL9HiMSnJgUj/
Malware Config
Targets
-
-
Target
62f6fad0fda5914ffe98a696b39d2664_JaffaCakes118
-
Size
587KB
-
MD5
62f6fad0fda5914ffe98a696b39d2664
-
SHA1
622fbba68efba634088a783ebb7e6e931f7ecd9f
-
SHA256
4ebe663b8181a37b172efded649a5ac0f61a0bfa570737c9dda3464e7d3654a0
-
SHA512
484bb8cbacc9907dd3ae9b8922af5169f4ad44385318f193aaf639404cc483aedad3ec9805188ca0bab9206f3538ef04848476206777e8152c21863d66265644
-
SSDEEP
12288:teR05v6rCmKni142PLmjcrRFTu6VsMSnbtg/nQEUHkk/:Sbqnl2PL9HiMSnJgUj/
Score10/10-
Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-