imminent | 929971e4f6dfe0aed2a50229b0d01d843c98d1bc398eba1589e215117dae11e9 | Triage

Sharing

General

Target

929971e4f6dfe0aed2a50229b0d01d843c98d1bc398eba1589e215117dae11e9
Size

706KB
Sample

220609-p2x8ragbgn
MD5

f1e85e3876ddb88acd07e97c417191f4
SHA1

d3e1a89eafc0c19c81e09e8c99c9babc1597eb9b
SHA256

929971e4f6dfe0aed2a50229b0d01d843c98d1bc398eba1589e215117dae11e9
SHA512

6846d7639546cfd3da435ae070c4395b3aa141dada233e691c1d430f92c0a91196db601ae83776706c9aa8dae014d160e480b2bfba49c5be6f9cbfea947b76b8

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  929971e4f6dfe0aed2a50229b0d01d843c98d1bc398eba1589e215117dae11e9
- Size
  
  706KB
- MD5
  
  f1e85e3876ddb88acd07e97c417191f4
- SHA1
  
  d3e1a89eafc0c19c81e09e8c99c9babc1597eb9b
- SHA256
  
  929971e4f6dfe0aed2a50229b0d01d843c98d1bc398eba1589e215117dae11e9
- SHA512
  
  6846d7639546cfd3da435ae070c4395b3aa141dada233e691c1d430f92c0a91196db601ae83776706c9aa8dae014d160e480b2bfba49c5be6f9cbfea947b76b8
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan