Sample File
MD5 hash: b4f28747a0a9317123f0ef109c580844
SHA1 hash: 295fee553b1e703722cd1923697284bac3061190
SHA256 hash: 1dd788c038b4d8d2d3302d7a33162322d0896c7d17888e2fa34204b66c9aee50
Filename(s): gabkrj.jpg.exe
Filetype: Windows Exe (x86-32)

Mutex IOCs:
Global\.net clr networking d6255d76-fd1b-49c2-b1bf-bb2df53c6c67

Registry Key IOCs (keys touched during the run; the two ...\CurrentVersion\Run entries below differ only in capitalization and refer to the same key, since registry key names are case-insensitive):
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\control.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion

IP IOCs:
91.192.100.59
45.55.57.244

URL IOCs:
- None -

File IOCs:
Filenames (the user-profile name CIiHmnxMn6Ps and the dated Logs subfolder appear to be specific to this sandbox run; generalize those path components before using the paths as indicators):
C:\Users
C:\Users\CIiHmnxMn6Ps
C:\Users\CIiHmnxMn6Ps\AppData
C:\Users\CIiHmnxMn6Ps\AppData\Roaming
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Imminent
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Imminent\Geo.dat
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Imminent\Logs\
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Imminent\Logs\04-04-2018
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Imminent\Monitoring\
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Imminent\Monitoring\network.dat
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Imminent\Monitoring\system.dat
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Imminent\Path.dat
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.default
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\temp
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\temp\tempgh.exe
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vfggggg.config
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vfggggg.exe
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vfggggg.exe:Zone.Identifier
C:\Users\CIiHmnxMn6Ps\Desktop\gabkrj.jpg.config
C:\Users\CIiHmnxMn6Ps\Desktop\gabkrj.jpg.exe
C:\Users\CIiHmnxMn6Ps\Desktop\gabkrj.jpg.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.default
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.default
C:\temp
C:\temp\tempgh.exe

MD5 hashes:
33be604f8044d5984e8e3e3b694d710a
4bbe01de8b5c05457fe0e2d00b92a4f5
578cfdf82faec2371534ddb644d01e8f
7e6fcf7a603fc7483139540b7aae5c4d
b4f28747a0a9317123f0ef109c580844
dec2ea43741c17cdc573e1b22def8a03

SHA1 hashes:
295fee553b1e703722cd1923697284bac3061190
512c5f801e9fbd73aeefd8e7eaa5ad86bfe2df09
5503298bf3e0482687610416190c400d100d73de
57fadd9d52fafafac33e12cfac0a940ebda920ac
87f61df7bb172cff6ea6ab62015b529cbfd17351
a89d3174f2757e2effafc3333d6e6fbeccfeb7e5

SHA256 hashes:
1dd788c038b4d8d2d3302d7a33162322d0896c7d17888e2fa34204b66c9aee50
3f785f1cc535b0987139623200c7910b2b28f92dfe3309e8e071c091d0ce7313
5962c24909ba9bc4c23fe69431b361a81e56cf1771186d9d8705f912b73b88fe
8975b8f79e75bf1e0518e5eee7089a74db3a412899916e42513ddea655d56c09
9e901ac2a4eda4d90bb3b81407d28bff737d92d0fb16e685940021e6a4cd2fd0
a1093478b098fcf27c8f1a43c3a33128120bc4d878a7516e7a081138f2907bef