imminent | ee475a36d64298fb59973c6784c1cd4649d531addc5eeeb00ffa1258d3d29c60 | Triage

Sharing

General

Target

ee475a36d64298fb59973c6784c1cd4649d531addc5eeeb00ffa1258d3d29c60
Size

1.2MB
Sample

220609-qjdbascgf5
MD5

30ecfee4ae0ae72cf645c716bef840a0
SHA1

2ac702c17d67671850b01d126c5dd9f47c5ac886
SHA256

ee475a36d64298fb59973c6784c1cd4649d531addc5eeeb00ffa1258d3d29c60
SHA512

8c85bbe9f1ea93a4f666612aeee466870083d733ac09ab593f966b51aff954332f995aab71807f35ae841dde678a68ec417dc5675d09a2a671979f9864bd19df

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  ee475a36d64298fb59973c6784c1cd4649d531addc5eeeb00ffa1258d3d29c60
- Size
  
  1.2MB
- MD5
  
  30ecfee4ae0ae72cf645c716bef840a0
- SHA1
  
  2ac702c17d67671850b01d126c5dd9f47c5ac886
- SHA256
  
  ee475a36d64298fb59973c6784c1cd4649d531addc5eeeb00ffa1258d3d29c60
- SHA512
  
  8c85bbe9f1ea93a4f666612aeee466870083d733ac09ab593f966b51aff954332f995aab71807f35ae841dde678a68ec417dc5675d09a2a671979f9864bd19df
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

imminentpersistencespywaretrojan