Technical Analysis of a Novel IMEEX Framework
Essential information
- Published
- 14/10/2024 10:57
- Modified
- 14/10/2024 11:15
- Tags
- 2024-10-14 imeex infrastructure malware persistence stealth windows
- Related entities
- 9 observables, 10 techniques (mitre), 1 malware, 2 others
Description
The IMEEX framework is a newly discovered, custom-built malware targeting Windows systems. Delivered as a 64-bit DLL, it offers extensive control over compromised machines, featuring execution of additional modules, file manipulation, process management, registry modification, and remote command execution. It primarily targets Djibouti and Afghanistan, gathering system information and communicating with its command-and-control server over encrypted channels. The framework employs advanced techniques like masquerading as legitimate processes, mutex creation, and encrypted communications to maintain persistence and evade detection. Its modular approach, robust capabilities, and potential infrastructure overlap with ShadowPad suggest an evolution in threat actor tactics.