imminent | 1c5ad6dc4a93b2182466dae1f98e518cc458ceeb4dd90f6f874912de0157607f | Triage

Sharing

General

Target

1c5ad6dc4a93b2182466dae1f98e518cc458ceeb4dd90f6f874912de0157607f
Size

870KB
Sample

220607-s94x2sahd5
MD5

0bc8913e99da65224d916a656e848049
SHA1

2885fd36d54a01e4f846152b3cdc3a32e0008606
SHA256

1c5ad6dc4a93b2182466dae1f98e518cc458ceeb4dd90f6f874912de0157607f
SHA512

ad8ab64b0ce81b560dee593638d04d4fdcd913f73401ee12fc9c310b14434816c561c5135fefd5c595af91bcee360ecdd6a91a5950a63fae69a10debe33ad400

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  1c5ad6dc4a93b2182466dae1f98e518cc458ceeb4dd90f6f874912de0157607f
- Size
  
  870KB
- MD5
  
  0bc8913e99da65224d916a656e848049
- SHA1
  
  2885fd36d54a01e4f846152b3cdc3a32e0008606
- SHA256
  
  1c5ad6dc4a93b2182466dae1f98e518cc458ceeb4dd90f6f874912de0157607f
- SHA512
  
  ad8ab64b0ce81b560dee593638d04d4fdcd913f73401ee12fc9c310b14434816c561c5135fefd5c595af91bcee360ecdd6a91a5950a63fae69a10debe33ad400
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan