imminent | 3e466f7e99f42aea17a56cebb60bbb17eb2e8fbb8e779b5b076d81a2717a92c7 | Triage

Sharing

General

Target

3e466f7e99f42aea17a56cebb60bbb17eb2e8fbb8e779b5b076d81a2717a92c7
Size

644KB
Sample

220609-qjdl3acgf8
MD5

2d52f51831bb09c03ef6d4237df554f3
SHA1

2b96a3092e7a44b0af213adb78ce9d38ba8e4df4
SHA256

3e466f7e99f42aea17a56cebb60bbb17eb2e8fbb8e779b5b076d81a2717a92c7
SHA512

84324a5bf5ce001ec71ff22111fd7aa8f29dd01163a6f5f0ad242149cb21a1d64a91a70b2de7a7c2d0dc974882088b95f8c66134208bc572200c0b1bea767790

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  3e466f7e99f42aea17a56cebb60bbb17eb2e8fbb8e779b5b076d81a2717a92c7
- Size
  
  644KB
- MD5
  
  2d52f51831bb09c03ef6d4237df554f3
- SHA1
  
  2b96a3092e7a44b0af213adb78ce9d38ba8e4df4
- SHA256
  
  3e466f7e99f42aea17a56cebb60bbb17eb2e8fbb8e779b5b076d81a2717a92c7
- SHA512
  
  84324a5bf5ce001ec71ff22111fd7aa8f29dd01163a6f5f0ad242149cb21a1d64a91a70b2de7a7c2d0dc974882088b95f8c66134208bc572200c0b1bea767790
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

imminentpersistencespywaretrojan