imminent | 1fbb8b79e7971693f6a45fa2ef39ed0fbdbe295c449b4c33a56e4c07b7b529e1 | Triage

Submit
Reports

Overview

overview

Static

static

1fbb8b79e7...e1.exe

windows7_x64

8

1fbb8b79e7...e1.exe

windows10-2004_x64

Sharing

General

Target

1fbb8b79e7971693f6a45fa2ef39ed0fbdbe295c449b4c33a56e4c07b7b529e1
Size

614KB
Sample

220612-vgq7lacfd9
MD5

8c96678b5ce7ce0cb1159933f424c087
SHA1

acba652b4f5e7638e050de070db3a98cd6476627
SHA256

1fbb8b79e7971693f6a45fa2ef39ed0fbdbe295c449b4c33a56e4c07b7b529e1
SHA512

0308fe7bde9d0febca0ab7382cd282a0ff24015a0f97646e22b1b2f6636fcf1180e5855ce806dcdcfc55b6860d9b358492aa844c41ece21f6848f7adb58fe8a0

Score

10^/10

imminent agilenet persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

1fbb8b79e7971693f6a45fa2ef39ed0fbdbe295c449b4c33a56e4c07b7b529e1.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1fbb8b79e7971693f6a45fa2ef39ed0fbdbe295c449b4c33a56e4c07b7b529e1.exe

Resource

win10v2004-20220414-en

imminent persistence spyware trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1fbb8b79e7971693f6a45fa2ef39ed0fbdbe295c449b4c33a56e4c07b7b529e1
- Size
  
  614KB
- MD5
  
  8c96678b5ce7ce0cb1159933f424c087
- SHA1
  
  acba652b4f5e7638e050de070db3a98cd6476627
- SHA256
  
  1fbb8b79e7971693f6a45fa2ef39ed0fbdbe295c449b4c33a56e4c07b7b529e1
- SHA512
  
  0308fe7bde9d0febca0ab7382cd282a0ff24015a0f97646e22b1b2f6636fcf1180e5855ce806dcdcfc55b6860d9b358492aa844c41ece21f6848f7adb58fe8a0
Score

10^/10

agilenet imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

imminentpersistencespywaretrojan

© 2018-2025

Terms | Privacy