imminent | 05d17bbb3af3947e4aab748ca50eb028197dc9eedaf831129792981199f1b23b | Triage

Submit
Reports

Overview

overview

Static

static

05d17bbb3a...3b.exe

windows7-x64

8

05d17bbb3a...3b.exe

windows10-2004-x64

Sharing

General

Target

05d17bbb3af3947e4aab748ca50eb028197dc9eedaf831129792981199f1b23b
Size

468KB
Sample

221021-telcwsaahr
MD5

717e9dc766680d93384f6faed13181b0
SHA1

c3309e501fdb9115c39b588c7ba33c329b7c657d
SHA256

05d17bbb3af3947e4aab748ca50eb028197dc9eedaf831129792981199f1b23b
SHA512

1afe5d1bbc8e58b89efd3f7cf7d2cbc64bd99149e5528f1c1c69c7195a2966b79e7ced1dc380d57c8c381a7423570759856ec2a3ae13307a49ee13172c4ec340
SSDEEP

6144:u3lB8iygOCQwIf6wgkcm/SBrB7KTcF2mH0MS3u3p3MHj+/D7F/w:8BggOuG6I/wMHmH0Mkq3MHj+/9/w

Score

10^/10

imminent persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

05d17bbb3af3947e4aab748ca50eb028197dc9eedaf831129792981199f1b23b.exe

Resource

win7-20220812-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

05d17bbb3af3947e4aab748ca50eb028197dc9eedaf831129792981199f1b23b.exe

Resource

win10v2004-20220812-en

imminent persistence spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  05d17bbb3af3947e4aab748ca50eb028197dc9eedaf831129792981199f1b23b
- Size
  
  468KB
- MD5
  
  717e9dc766680d93384f6faed13181b0
- SHA1
  
  c3309e501fdb9115c39b588c7ba33c329b7c657d
- SHA256
  
  05d17bbb3af3947e4aab748ca50eb028197dc9eedaf831129792981199f1b23b
- SHA512
  
  1afe5d1bbc8e58b89efd3f7cf7d2cbc64bd99149e5528f1c1c69c7195a2966b79e7ced1dc380d57c8c381a7423570759856ec2a3ae13307a49ee13172c4ec340
- SSDEEP
  
  6144:u3lB8iygOCQwIf6wgkcm/SBrB7KTcF2mH0MS3u3p3MHj+/D7F/w:8BggOuG6I/wMHmH0Mkq3MHj+/9/w
Score

10^/10

persistence imminent spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

imminentpersistencespywaretrojan

© 2018-2025

Terms | Privacy