imminent | 5b0d0354ef4d8d2935ee93a858c3315a5730181775d162375242c5393b739a75 | Triage

Sharing

General

Target

5b0d0354ef4d8d2935ee93a858c3315a5730181775d162375242c5393b739a75
Size

854KB
Sample

220802-bnc4rschg6
MD5

7fe3d321806c1604e3e3908538bc8aa6
SHA1

571b55a5a0b478fd635b64bb12b20b64611fb2e3
SHA256

5b0d0354ef4d8d2935ee93a858c3315a5730181775d162375242c5393b739a75
SHA512

7ad253c5851b689d564808ab39ea5de4919de0721040c3aad7355012e72184c934ec0aa1ac77f10f3fb03277b0f9c2f363cf026932b12798cbb5d017598086b8

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  5b0d0354ef4d8d2935ee93a858c3315a5730181775d162375242c5393b739a75
- Size
  
  854KB
- MD5
  
  7fe3d321806c1604e3e3908538bc8aa6
- SHA1
  
  571b55a5a0b478fd635b64bb12b20b64611fb2e3
- SHA256
  
  5b0d0354ef4d8d2935ee93a858c3315a5730181775d162375242c5393b739a75
- SHA512
  
  7ad253c5851b689d564808ab39ea5de4919de0721040c3aad7355012e72184c934ec0aa1ac77f10f3fb03277b0f9c2f363cf026932b12798cbb5d017598086b8
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2