imminent | 0aff91c316bb8ad560ef89125bc7ed5de42e78348b829f8a1c14259a6daa48b9 | Triage

Sharing

General

Target

0aff91c316bb8ad560ef89125bc7ed5de42e78348b829f8a1c14259a6daa48b9
Size

321KB
Sample

220530-fy43fsadcj
MD5

0d32cf9f79dc145a823d56d7964829e0
SHA1

d487f0256c01dd8e5d950a6b0adf1c54e36fd934
SHA256

0aff91c316bb8ad560ef89125bc7ed5de42e78348b829f8a1c14259a6daa48b9
SHA512

8474e550702efa4d671cca9ce2c6367ab32369b1ead5dd2d08d8ef8389277b034d23e97f4bf6baa8af898784285d47ef0e58ea1ae59b33dc05c9f218c1d51553

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  0aff91c316bb8ad560ef89125bc7ed5de42e78348b829f8a1c14259a6daa48b9
- Size
  
  321KB
- MD5
  
  0d32cf9f79dc145a823d56d7964829e0
- SHA1
  
  d487f0256c01dd8e5d950a6b0adf1c54e36fd934
- SHA256
  
  0aff91c316bb8ad560ef89125bc7ed5de42e78348b829f8a1c14259a6daa48b9
- SHA512
  
  8474e550702efa4d671cca9ce2c6367ab32369b1ead5dd2d08d8ef8389277b034d23e97f4bf6baa8af898784285d47ef0e58ea1ae59b33dc05c9f218c1d51553
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan