imminent | 48ea163e293c5e4fade6f1406d8ef63167f8378672008852a29e37690747c14c | Triage

Sharing

General

Target

48ea163e293c5e4fade6f1406d8ef63167f8378672008852a29e37690747c14c
Size

634KB
Sample

220609-qgm3qagdbr
MD5

43c58adee9cb4ef968bfc14816a4762b
SHA1

81cad18a8d153367facf6fffe47cfabc44d80026
SHA256

48ea163e293c5e4fade6f1406d8ef63167f8378672008852a29e37690747c14c
SHA512

91a7c5c7c68d8f21cfdbb134a6681f74e4c947ffae1767339e838a268d35d8b400d66e57f3573a27a5c3180299fc606997ebcc73e4776e477113dd85ffd4d94c

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  48ea163e293c5e4fade6f1406d8ef63167f8378672008852a29e37690747c14c
- Size
  
  634KB
- MD5
  
  43c58adee9cb4ef968bfc14816a4762b
- SHA1
  
  81cad18a8d153367facf6fffe47cfabc44d80026
- SHA256
  
  48ea163e293c5e4fade6f1406d8ef63167f8378672008852a29e37690747c14c
- SHA512
  
  91a7c5c7c68d8f21cfdbb134a6681f74e4c947ffae1767339e838a268d35d8b400d66e57f3573a27a5c3180299fc606997ebcc73e4776e477113dd85ffd4d94c
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan