General
-
Target
a97144af800ff333f4b8a0361d791087_JaffaCakes118
-
Size
466KB
-
Sample
240614-nmangasepj
-
MD5
a97144af800ff333f4b8a0361d791087
-
SHA1
131cef8e8239477f295dfb84a70304d62652bd6b
-
SHA256
125273103d910e7aec35c4bf75fce7fb0d000eee31b9b5409119f38069dbb722
-
SHA512
ca61bfb7da94969720f2c54ba5c6b16b151405777612f0c78a17f885e668e8bcb69b45ff35c3fcc07a3bde7911d5956ab5f13640a1a806092803eea0b6cb07bb
-
SSDEEP
6144:BWylDcksxWe65bf67rHzZ8Ees9gbCKbGHOOJ3Vd6QBOT+VTJQQCklKAmAAcOGRwj:0yGksh8bfUrH2osCKi7kQBOTrE5F9wfL
Malware Config
Targets
-
-
Target
a97144af800ff333f4b8a0361d791087_JaffaCakes118
-
Size
466KB
-
MD5
a97144af800ff333f4b8a0361d791087
-
SHA1
131cef8e8239477f295dfb84a70304d62652bd6b
-
SHA256
125273103d910e7aec35c4bf75fce7fb0d000eee31b9b5409119f38069dbb722
-
SHA512
ca61bfb7da94969720f2c54ba5c6b16b151405777612f0c78a17f885e668e8bcb69b45ff35c3fcc07a3bde7911d5956ab5f13640a1a806092803eea0b6cb07bb
-
SSDEEP
6144:BWylDcksxWe65bf67rHzZ8Ees9gbCKbGHOOJ3Vd6QBOT+VTJQQCklKAmAAcOGRwj:0yGksh8bfUrH2osCKi7kQBOTrE5F9wfL
Score10/10-
Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-