imminent | 4c67fecabd8eaf45609cc8e63b4b256834c407bdf012ad1ce1ac0625b6844bd0 | Triage

Sharing

General

Target

4c67fecabd8eaf45609cc8e63b4b256834c407bdf012ad1ce1ac0625b6844bd0
Size

544KB
Sample

220712-g3kp2shbh3
MD5

125d0ee48394e7537a2ea07208b34a9c
SHA1

c5c6667f234154773f0007271250e347230764ce
SHA256

4c67fecabd8eaf45609cc8e63b4b256834c407bdf012ad1ce1ac0625b6844bd0
SHA512

61c6ef824cafe949e5abd180d9c4a8ba5f50e6c6ea40f1b3d6fec93230fea8496ac45de46bd0ea34ff62967c9f0fda5fa0fe72c30aa982d59eed014f5c8bb7e6

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  4c67fecabd8eaf45609cc8e63b4b256834c407bdf012ad1ce1ac0625b6844bd0
- Size
  
  544KB
- MD5
  
  125d0ee48394e7537a2ea07208b34a9c
- SHA1
  
  c5c6667f234154773f0007271250e347230764ce
- SHA256
  
  4c67fecabd8eaf45609cc8e63b4b256834c407bdf012ad1ce1ac0625b6844bd0
- SHA512
  
  61c6ef824cafe949e5abd180d9c4a8ba5f50e6c6ea40f1b3d6fec93230fea8496ac45de46bd0ea34ff62967c9f0fda5fa0fe72c30aa982d59eed014f5c8bb7e6
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan