imminent | 4c8721c7bcb25c52a8de36a2801cf0cb3baa5347896e1587d0679892255907b5 | Triage

Sharing

General

Target

4c8721c7bcb25c52a8de36a2801cf0cb3baa5347896e1587d0679892255907b5
Size

604KB
Sample

220609-qjdbascgf7
MD5

19d4a9aee1841e3aee35e115fe81b6ab
SHA1

60e5b623e0daf88daaa3f599f19f6a28338280f6
SHA256

4c8721c7bcb25c52a8de36a2801cf0cb3baa5347896e1587d0679892255907b5
SHA512

7c2a6e1d5aeeec88c043b62a3cbd61997da0fccaea3c6ea292ab4183bde631148e433aa160fc2551f1d01dea85bdf2cd7ced683c35e16c8a549dfd5adee7a391

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  4c8721c7bcb25c52a8de36a2801cf0cb3baa5347896e1587d0679892255907b5
- Size
  
  604KB
- MD5
  
  19d4a9aee1841e3aee35e115fe81b6ab
- SHA1
  
  60e5b623e0daf88daaa3f599f19f6a28338280f6
- SHA256
  
  4c8721c7bcb25c52a8de36a2801cf0cb3baa5347896e1587d0679892255907b5
- SHA512
  
  7c2a6e1d5aeeec88c043b62a3cbd61997da0fccaea3c6ea292ab4183bde631148e433aa160fc2551f1d01dea85bdf2cd7ced683c35e16c8a549dfd5adee7a391
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

imminentpersistencespywaretrojan