imminent | b94507b3a5729fae4e8ea83a1bcc81264866fc7c39d2d2aeaf8cfb1c0b9966e5 | Triage

Sharing

General

Target

b94507b3a5729fae4e8ea83a1bcc81264866fc7c39d2d2aeaf8cfb1c0b9966e5
Size

299KB
Sample

221029-enjhbsbdcj
MD5

edf3defa07fd28068195967e4e9d4ad7
SHA1

0e462eee7431ac2e0ec6ba5629405010d63cdbff
SHA256

b94507b3a5729fae4e8ea83a1bcc81264866fc7c39d2d2aeaf8cfb1c0b9966e5
SHA512

71dcf6fe6c0b0cefbef15626c1da482d5df34c24640bf83eb591d1fd86da5b27dece154d5804bf56bbcefd61cae1999e7b71392b155ad18199f4ebe065737128
SSDEEP

6144:hKqgRUByp8KmyKG7YWhqcw49KAI2Px2ThzXMKJBH3Eructl:8wyp8bG8Cq949KA0bpH+uI

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  b94507b3a5729fae4e8ea83a1bcc81264866fc7c39d2d2aeaf8cfb1c0b9966e5
- Size
  
  299KB
- MD5
  
  edf3defa07fd28068195967e4e9d4ad7
- SHA1
  
  0e462eee7431ac2e0ec6ba5629405010d63cdbff
- SHA256
  
  b94507b3a5729fae4e8ea83a1bcc81264866fc7c39d2d2aeaf8cfb1c0b9966e5
- SHA512
  
  71dcf6fe6c0b0cefbef15626c1da482d5df34c24640bf83eb591d1fd86da5b27dece154d5804bf56bbcefd61cae1999e7b71392b155ad18199f4ebe065737128
- SSDEEP
  
  6144:hKqgRUByp8KmyKG7YWhqcw49KAI2Px2ThzXMKJBH3Eructl:8wyp8bG8Cq949KA0bpH+uI
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan