imminent | 290906f49b5ee43d584cd47d44d8cc86662ba975494049d0f518fe3fcf9fd743 | Triage

Submit
Reports

Overview

overview

Static

static

290906f49b...43.exe

windows7_x64

290906f49b...43.exe

windows10-2004_x64

Sharing

General

Target

290906f49b5ee43d584cd47d44d8cc86662ba975494049d0f518fe3fcf9fd743
Size

431KB
Sample

220615-s4dhxadefq
MD5

874070b71835ed9318ddd22f7bf19401
SHA1

0f3da757863c2856806f8b2fc2528c6cba991158
SHA256

290906f49b5ee43d584cd47d44d8cc86662ba975494049d0f518fe3fcf9fd743
SHA512

b596ec5be90ff0d22f04114831c9f6263df86d25a616c0f5e7449690b387f9207a8f0f0533bee39888fff3ac7c50a5dde31bd393c47f91f9355db3cd9e0118d5

Score

10^/10

imminent evasion spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

290906f49b5ee43d584cd47d44d8cc86662ba975494049d0f518fe3fcf9fd743.exe

Resource

win7-20220414-en

imminent evasion spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

290906f49b5ee43d584cd47d44d8cc86662ba975494049d0f518fe3fcf9fd743.exe

Resource

win10v2004-20220414-en

imminent evasion spyware trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  290906f49b5ee43d584cd47d44d8cc86662ba975494049d0f518fe3fcf9fd743
- Size
  
  431KB
- MD5
  
  874070b71835ed9318ddd22f7bf19401
- SHA1
  
  0f3da757863c2856806f8b2fc2528c6cba991158
- SHA256
  
  290906f49b5ee43d584cd47d44d8cc86662ba975494049d0f518fe3fcf9fd743
- SHA512
  
  b596ec5be90ff0d22f04114831c9f6263df86d25a616c0f5e7449690b387f9207a8f0f0533bee39888fff3ac7c50a5dde31bd393c47f91f9355db3cd9e0118d5
Score

10^/10

imminent evasion spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentevasionspywaretrojan

behavioral2

imminentevasionspywaretrojan

© 2018-2025

Terms | Privacy