imminent | 5cf517a87e8b41b05b6f8b69c285aea898e48344e344d6d8ae963f31b6f2b7a8 | Triage

Submit
Reports

Overview

overview

Static

static

5cf517a87e...a8.exe

windows7-x64

5cf517a87e...a8.exe

windows10-2004-x64

Sharing

General

Target

5cf517a87e8b41b05b6f8b69c285aea898e48344e344d6d8ae963f31b6f2b7a8
Size

1.7MB
Sample

221029-qapmzahcbp
MD5

154c3a264fb533d72ad45319517c0727
SHA1

ace750a10e8e2bd4da9c6d2e840db79a7d4a0889
SHA256

5cf517a87e8b41b05b6f8b69c285aea898e48344e344d6d8ae963f31b6f2b7a8
SHA512

7a8337712ce642daab63448def991b3922f8331601fa4670fe8167a837a8958e63cc0bcb705c5176edb7933d186bfba81154f13b6eeaffae85bdcddf21143dc9
SSDEEP

49152:FbE3NHD8Qi3p81gUeub9+WslI7V4DlOfe:ZsF4ESu5jsuV4G

Score

10^/10

imminent agilenet spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

5cf517a87e8b41b05b6f8b69c285aea898e48344e344d6d8ae963f31b6f2b7a8.exe

Resource

win7-20220812-en

imminent agilenet spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

5cf517a87e8b41b05b6f8b69c285aea898e48344e344d6d8ae963f31b6f2b7a8.exe

Resource

win10v2004-20220812-en

imminent agilenet spyware trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  5cf517a87e8b41b05b6f8b69c285aea898e48344e344d6d8ae963f31b6f2b7a8
- Size
  
  1.7MB
- MD5
  
  154c3a264fb533d72ad45319517c0727
- SHA1
  
  ace750a10e8e2bd4da9c6d2e840db79a7d4a0889
- SHA256
  
  5cf517a87e8b41b05b6f8b69c285aea898e48344e344d6d8ae963f31b6f2b7a8
- SHA512
  
  7a8337712ce642daab63448def991b3922f8331601fa4670fe8167a837a8958e63cc0bcb705c5176edb7933d186bfba81154f13b6eeaffae85bdcddf21143dc9
- SSDEEP
  
  49152:FbE3NHD8Qi3p81gUeub9+WslI7V4DlOfe:ZsF4ESu5jsuV4G
Score

10^/10

imminent agilenet spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentagilenetspywaretrojan

behavioral2

imminentagilenetspywaretrojan

© 2018-2025

Terms | Privacy