imminent | 8dc87564e798918da03ca73d100dd2623c239319a687550ca1ca364d5782b66c | Triage

Sharing

General

Target

8dc87564e798918da03ca73d100dd2623c239319a687550ca1ca364d5782b66c
Size

345KB
Sample

221122-yykypaba5t
MD5

df3dea2710d684c6606fd6b7b182f2c4
SHA1

00e80c47352c7d73de1a7aff94c6c39fade997d7
SHA256

8dc87564e798918da03ca73d100dd2623c239319a687550ca1ca364d5782b66c
SHA512

bbeeb332098353904a3aedac70c56cd5c803ad78fe84f54891d8bca30a10c743d62581f207d3e84e8d61f2ca8e33e87ac638b1c483be0eec84611997e5581dc8
SSDEEP

6144:uDkjip+aCO8Ekb8sTUI3+kSjpwvjdn3lfhuUtko88/8I9ifk:+ktaCik9R3WwrjVkI9iM

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  8dc87564e798918da03ca73d100dd2623c239319a687550ca1ca364d5782b66c
- Size
  
  345KB
- MD5
  
  df3dea2710d684c6606fd6b7b182f2c4
- SHA1
  
  00e80c47352c7d73de1a7aff94c6c39fade997d7
- SHA256
  
  8dc87564e798918da03ca73d100dd2623c239319a687550ca1ca364d5782b66c
- SHA512
  
  bbeeb332098353904a3aedac70c56cd5c803ad78fe84f54891d8bca30a10c743d62581f207d3e84e8d61f2ca8e33e87ac638b1c483be0eec84611997e5581dc8
- SSDEEP
  
  6144:uDkjip+aCO8Ekb8sTUI3+kSjpwvjdn3lfhuUtko88/8I9ifk:+ktaCik9R3WwrjVkI9iM
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan