imminent | 4c8ba5a3c65c28dd95cbc5a10b100db5a70338a0c76159b7146141de608ebfaa | Triage

Sharing

General

Target

4c8ba5a3c65c28dd95cbc5a10b100db5a70338a0c76159b7146141de608ebfaa
Size

599KB
Sample

220712-gktv1adfgm
MD5

065f6aab9510d8bfe684e12747c4d1ec
SHA1

ca2709e6ad302f1d2d0adc24b961146cc96eadf7
SHA256

4c8ba5a3c65c28dd95cbc5a10b100db5a70338a0c76159b7146141de608ebfaa
SHA512

db7180393dddd89b4c3310235ffaccbda92356fc0598673804a3a5301a53ec175ca18d96017c5d9a7652a15f95ea6c6e20994eba2e339a3ae653a4c70b36dc97

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  4c8ba5a3c65c28dd95cbc5a10b100db5a70338a0c76159b7146141de608ebfaa
- Size
  
  599KB
- MD5
  
  065f6aab9510d8bfe684e12747c4d1ec
- SHA1
  
  ca2709e6ad302f1d2d0adc24b961146cc96eadf7
- SHA256
  
  4c8ba5a3c65c28dd95cbc5a10b100db5a70338a0c76159b7146141de608ebfaa
- SHA512
  
  db7180393dddd89b4c3310235ffaccbda92356fc0598673804a3a5301a53ec175ca18d96017c5d9a7652a15f95ea6c6e20994eba2e339a3ae653a4c70b36dc97
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan