imminent | 1eab6168fc3f9556fbdd1147dcbf5c71b5f0dd819e3b779dee0c539c7ae21330 | Triage

Submit
Reports

Overview

overview

Static

static

5

1eab6168fc...30.exe

windows7-x64

8

1eab6168fc...30.exe

windows10-2004-x64

Sharing

General

Target

1eab6168fc3f9556fbdd1147dcbf5c71b5f0dd819e3b779dee0c539c7ae21330
Size

1.5MB
Sample

221119-cj3z3ahd77
MD5

1e08dabb86cdeca39354c5c91fdb0a60
SHA1

d600d53c1d2618783c53037e191541d39f9b3138
SHA256

1eab6168fc3f9556fbdd1147dcbf5c71b5f0dd819e3b779dee0c539c7ae21330
SHA512

20ccaeb92f2d60f97cd0e4f0a0fff4039495949ecd9532ea20ea0d337de4dc966f8ac0f5259f60886c48a4458fe477ece8607852d77f9171ec6f6b2a31477793
SSDEEP

24576:ttb20pksCqT5TBWgNQ7arGvjuoMg/Z3LxKOJL92Cv7C7sr7Ly6K6A:ePg5tQ7arGbLMg/Z3LEOx92k7vr72Z5

Score

10^/10

imminent persistence spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1eab6168fc3f9556fbdd1147dcbf5c71b5f0dd819e3b779dee0c539c7ae21330.exe

Resource

win7-20220812-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

1eab6168fc3f9556fbdd1147dcbf5c71b5f0dd819e3b779dee0c539c7ae21330.exe

Resource

win10v2004-20221111-en

imminent persistence spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  1eab6168fc3f9556fbdd1147dcbf5c71b5f0dd819e3b779dee0c539c7ae21330
- Size
  
  1.5MB
- MD5
  
  1e08dabb86cdeca39354c5c91fdb0a60
- SHA1
  
  d600d53c1d2618783c53037e191541d39f9b3138
- SHA256
  
  1eab6168fc3f9556fbdd1147dcbf5c71b5f0dd819e3b779dee0c539c7ae21330
- SHA512
  
  20ccaeb92f2d60f97cd0e4f0a0fff4039495949ecd9532ea20ea0d337de4dc966f8ac0f5259f60886c48a4458fe477ece8607852d77f9171ec6f6b2a31477793
- SSDEEP
  
  24576:ttb20pksCqT5TBWgNQ7arGvjuoMg/Z3LxKOJL92Cv7C7sr7Ly6K6A:ePg5tQ7arGbLMg/Z3LEOx92k7vr72Z5
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

imminentpersistencespywaretrojan

© 2018-2025

Terms | Privacy