imminent | 86323f88c25087297a92e91065b6f9d111f57954e82dbb7317f9f535af71fae8 | Triage

Submit
Reports

Overview

overview

Static

static

86323f88c2...e8.exe

windows7-x64

86323f88c2...e8.exe

windows10-2004-x64

Sharing

General

Target

86323f88c25087297a92e91065b6f9d111f57954e82dbb7317f9f535af71fae8
Size

426KB
Sample

220731-ks623saadl
MD5

78ce45061e4eb02f1ecba7f6027fceb2
SHA1

007c03dac41efb63dba336aec8812e05b538c569
SHA256

86323f88c25087297a92e91065b6f9d111f57954e82dbb7317f9f535af71fae8
SHA512

1451957185e8cd9bbe0686139365aedaa04cb523791b0247f25b48d631c007ced32f0ed7f6e2ec5fea88b2320c18675675a98c1197ae0506614e171b68e08972

Score

10^/10

imminent evasion spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

86323f88c25087297a92e91065b6f9d111f57954e82dbb7317f9f535af71fae8.exe

Resource

win7-20220715-en

imminent evasion spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

86323f88c25087297a92e91065b6f9d111f57954e82dbb7317f9f535af71fae8.exe

Resource

win10v2004-20220722-en

imminent evasion spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  86323f88c25087297a92e91065b6f9d111f57954e82dbb7317f9f535af71fae8
- Size
  
  426KB
- MD5
  
  78ce45061e4eb02f1ecba7f6027fceb2
- SHA1
  
  007c03dac41efb63dba336aec8812e05b538c569
- SHA256
  
  86323f88c25087297a92e91065b6f9d111f57954e82dbb7317f9f535af71fae8
- SHA512
  
  1451957185e8cd9bbe0686139365aedaa04cb523791b0247f25b48d631c007ced32f0ed7f6e2ec5fea88b2320c18675675a98c1197ae0506614e171b68e08972
Score

10^/10

imminent evasion spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops desktop.ini file(s)
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentevasionspywaretrojan

behavioral2

imminentevasionspywaretrojan

© 2018-2025

Terms | Privacy