General
-
Target
8f4ca307cd466278242d05cd431231b1_JaffaCakes118
-
Size
979KB
-
Sample
240602-y5pkfsdg6x
-
MD5
8f4ca307cd466278242d05cd431231b1
-
SHA1
8250649b5efb08ee1e9409d3c6ae9adc2e0c6296
-
SHA256
3a01e1195cf5b815533146eb3be139429cc9816999e97132d2dcc663c09efe90
-
SHA512
bec956cd3780f13b5c8514dff1f6abbead4bf965a67a40c66bd542f7faff53c9ab750fe9180b3e7f86f5b4fb13c9b285f93356ac3850d983802153d0ab7588e6
-
SSDEEP
24576:SPNA1HxMjYqcxVUzpYlvmFhkbr3rUu4T+X:AoRWYKN6mFiX3MY
Malware Config
Targets
-
-
Target
shipment_2k9he3el39z0je2_pdf.exe
-
Size
1.0MB
-
MD5
4e1b38727854a0ffcfdc3c7ff60dfdaa
-
SHA1
501e2ed61d6de84bfb7673129d771f5b1287984e
-
SHA256
5da2c6cf15082f3d5172129593c706ee6b0f9d216720d9974fb84c613b578f30
-
SHA512
7752e63af61703debd5e6cf1e15164df349e1e7ea1f4678dd1447fd933fc1261d9f99bfa09055b257441180785258479835e5f3bb23a569f133dcf89f5b65bfd
-
SSDEEP
24576:D2O/GlmiSXPdMjYqcjJAwmxhKbH3rUO46GMM:ZlMYAwmxUT3ikM
Score10/10-
Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-