imminent | dfd5a647b5c4957bcaef5054b1241dbd0c2c0213c1810e7417242750a081c21a | Triage

Sharing

General

Target

dfd5a647b5c4957bcaef5054b1241dbd0c2c0213c1810e7417242750a081c21a
Size

272KB
Sample

221122-wev87sbh42
MD5

a64077409059b81807d22e157fb09fc8
SHA1

78919afedae2560bf4417f4844d009a43bbff15a
SHA256

dfd5a647b5c4957bcaef5054b1241dbd0c2c0213c1810e7417242750a081c21a
SHA512

663c9b494a5f61a23534a85ddfaacc2bb5bb44304b1499aad9b69c98723a41882ed1cd037629f54c092bf2098ab2213f6a0df873a2fd8038fc3ef4a089045d66
SSDEEP

6144:iUx3z5eUExsUIR3iO48X2muLdjtyOgGHMMqx4B07ctlje:iUhzgNxsnRF4tJLrytGi+07IS

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  dfd5a647b5c4957bcaef5054b1241dbd0c2c0213c1810e7417242750a081c21a
- Size
  
  272KB
- MD5
  
  a64077409059b81807d22e157fb09fc8
- SHA1
  
  78919afedae2560bf4417f4844d009a43bbff15a
- SHA256
  
  dfd5a647b5c4957bcaef5054b1241dbd0c2c0213c1810e7417242750a081c21a
- SHA512
  
  663c9b494a5f61a23534a85ddfaacc2bb5bb44304b1499aad9b69c98723a41882ed1cd037629f54c092bf2098ab2213f6a0df873a2fd8038fc3ef4a089045d66
- SSDEEP
  
  6144:iUx3z5eUExsUIR3iO48X2muLdjtyOgGHMMqx4B07ctlje:iUhzgNxsnRF4tJLrytGi+07IS
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan