imminent | 10ee8d9d713d0da6e4d024533ec9d5c82a55c729e7583a2c07e53d297de10d44 | Triage

Sharing

General

Target

10ee8d9d713d0da6e4d024533ec9d5c82a55c729e7583a2c07e53d297de10d44
Size

437KB
Sample

220604-mvfc9acca3
MD5

de92204ac5537f2cce8db7eede59f216
SHA1

9532139cd65bff2be0d5fd6cacd6509b6401065e
SHA256

10ee8d9d713d0da6e4d024533ec9d5c82a55c729e7583a2c07e53d297de10d44
SHA512

c7882d4dac1015caac7b6a69a896172736be119cacc106a9afc6fc77fdb16da4138c10b9b39107bdaddad2c91fd36bc7a7b5ae7095434112a9724931a988cf01

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  10ee8d9d713d0da6e4d024533ec9d5c82a55c729e7583a2c07e53d297de10d44
- Size
  
  437KB
- MD5
  
  de92204ac5537f2cce8db7eede59f216
- SHA1
  
  9532139cd65bff2be0d5fd6cacd6509b6401065e
- SHA256
  
  10ee8d9d713d0da6e4d024533ec9d5c82a55c729e7583a2c07e53d297de10d44
- SHA512
  
  c7882d4dac1015caac7b6a69a896172736be119cacc106a9afc6fc77fdb16da4138c10b9b39107bdaddad2c91fd36bc7a7b5ae7095434112a9724931a988cf01
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan