imminent | b25d1e8ab20ad15c5304b804c8a5ff9dbada8c77b36ea6cd85e1c20c407ac800 | Triage

Submit
Reports

Overview

overview

Static

static

b25d1e8ab2...00.exe

windows7-x64

b25d1e8ab2...00.exe

windows10-2004-x64

Sharing

General

Target

b25d1e8ab20ad15c5304b804c8a5ff9dbada8c77b36ea6cd85e1c20c407ac800
Size

1.3MB
Sample

221019-1sr6xsacar
MD5

82dfcb5c33adaaae2975ad51b9258470
SHA1

dbc6fe3e95544f837f442635627c2254d7b579ed
SHA256

b25d1e8ab20ad15c5304b804c8a5ff9dbada8c77b36ea6cd85e1c20c407ac800
SHA512

d415bd5388ec0129914582256ae9c648168290d4f65bb41e3591670d9b50518109cc1f41f04ad7d5caa9a0d24e4b63f139ebcf1b6b1ee9e03f582043808ab32a
SSDEEP

24576:43Sp4fuQAhpQ5LbQxHO9D2iXBo5/sOU1IdvMBC1vpPi9PRWLtY9TxdNEmAN2m:B42QA05b+aHBohsV1QvpK5RQtY9TxsJo

Score

10^/10

imminent persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

b25d1e8ab20ad15c5304b804c8a5ff9dbada8c77b36ea6cd85e1c20c407ac800.exe

Resource

win7-20220812-en

imminent persistence spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

b25d1e8ab20ad15c5304b804c8a5ff9dbada8c77b36ea6cd85e1c20c407ac800.exe

Resource

win10v2004-20220901-en

imminent persistence spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  b25d1e8ab20ad15c5304b804c8a5ff9dbada8c77b36ea6cd85e1c20c407ac800
- Size
  
  1.3MB
- MD5
  
  82dfcb5c33adaaae2975ad51b9258470
- SHA1
  
  dbc6fe3e95544f837f442635627c2254d7b579ed
- SHA256
  
  b25d1e8ab20ad15c5304b804c8a5ff9dbada8c77b36ea6cd85e1c20c407ac800
- SHA512
  
  d415bd5388ec0129914582256ae9c648168290d4f65bb41e3591670d9b50518109cc1f41f04ad7d5caa9a0d24e4b63f139ebcf1b6b1ee9e03f582043808ab32a
- SSDEEP
  
  24576:43Sp4fuQAhpQ5LbQxHO9D2iXBo5/sOU1IdvMBC1vpPi9PRWLtY9TxdNEmAN2m:B42QA05b+aHBohsV1QvpK5RQtY9TxsJo
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2025

Terms | Privacy