imminent | 2caddaa7a9ff687601cd4b42d35f2564ed234d65518c39d8b25bd52ae52a99ec | Triage

Sharing

General

Target

2caddaa7a9ff687601cd4b42d35f2564ed234d65518c39d8b25bd52ae52a99ec
Size

1.0MB
Sample

221019-qvqe1aaaf3
MD5

a0e87e1480ee8f2dceb59d950d5ef4a0
SHA1

45c65853b8a85bbaebf0d675ca521f5716051fc5
SHA256

2caddaa7a9ff687601cd4b42d35f2564ed234d65518c39d8b25bd52ae52a99ec
SHA512

267a24696d53ee28c69e480e0b1bb4243dc55014758cae2c86f42428f644d51cfa79886106da34ff0d81e9488990214cf02b25eed5d93be7d7cd86b922083234
SSDEEP

24576:kRmJkqoQrilOIQ+yMxGaxpYg2aYpzMCLK1:VJXoQryTiMxGaxpYg2a1

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  2caddaa7a9ff687601cd4b42d35f2564ed234d65518c39d8b25bd52ae52a99ec
- Size
  
  1.0MB
- MD5
  
  a0e87e1480ee8f2dceb59d950d5ef4a0
- SHA1
  
  45c65853b8a85bbaebf0d675ca521f5716051fc5
- SHA256
  
  2caddaa7a9ff687601cd4b42d35f2564ed234d65518c39d8b25bd52ae52a99ec
- SHA512
  
  267a24696d53ee28c69e480e0b1bb4243dc55014758cae2c86f42428f644d51cfa79886106da34ff0d81e9488990214cf02b25eed5d93be7d7cd86b922083234
- SSDEEP
  
  24576:kRmJkqoQrilOIQ+yMxGaxpYg2aYpzMCLK1:VJXoQryTiMxGaxpYg2a1
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan