imminent | 384a231718311dc651b77d84b921e4324dd798b9efe6edfce738f43397a1cf4d | Triage

Sharing

General

Target

384a231718311dc651b77d84b921e4324dd798b9efe6edfce738f43397a1cf4d
Size

273KB
Sample

221107-qyq6psccen
MD5

0d6a465ba7627323fd1d7c2cf00dfcd0
SHA1

a3ebfb41d72a8e6d6cbb0c284de9fde50ca11535
SHA256

384a231718311dc651b77d84b921e4324dd798b9efe6edfce738f43397a1cf4d
SHA512

e648200716490f332fbd9c9edd2059adde92111fd7a47c5abe4f3126bbddbc1a877039c196f1daa669d5910a14f99c0a84f915d18e291d9fcd42c32ce171bdf5
SSDEEP

6144:+FOxE8DDwHYmwqZ1i/LOCrzA7PfgRpNynmGgctlQ:mOK8DrMZKHrsDspNQ3gIQ

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  384a231718311dc651b77d84b921e4324dd798b9efe6edfce738f43397a1cf4d
- Size
  
  273KB
- MD5
  
  0d6a465ba7627323fd1d7c2cf00dfcd0
- SHA1
  
  a3ebfb41d72a8e6d6cbb0c284de9fde50ca11535
- SHA256
  
  384a231718311dc651b77d84b921e4324dd798b9efe6edfce738f43397a1cf4d
- SHA512
  
  e648200716490f332fbd9c9edd2059adde92111fd7a47c5abe4f3126bbddbc1a877039c196f1daa669d5910a14f99c0a84f915d18e291d9fcd42c32ce171bdf5
- SSDEEP
  
  6144:+FOxE8DDwHYmwqZ1i/LOCrzA7PfgRpNynmGgctlQ:mOK8DrMZKHrsDspNQ3gIQ
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan