imminent | e52686afa294deeb54086ecaedaa073a6a95d4df0d8b7810185cd664c773be55 | Triage

Sharing

General

Target

e52686afa294deeb54086ecaedaa073a6a95d4df0d8b7810185cd664c773be55
Size

710KB
Sample

221123-p3g8xsch46
MD5

b41be72917631662b809a97398b1cc2f
SHA1

86ffe8c475013335a595e45e61555d218c83ed6c
SHA256

e52686afa294deeb54086ecaedaa073a6a95d4df0d8b7810185cd664c773be55
SHA512

e6bd8298c1df98ca1d2954d419032d559afd17e55f82dcc9840114c7f8a0bb85b1eb74f84d832b172a4ba59f32fe1770db4419909fb73e83a96dacd3a79b8b39
SSDEEP

12288:8CcefLVxfez9WRoEwnHKMrMCFJEHylS43u6Zmpin3J:wQLV8zcRoTjw+JFsin

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  e52686afa294deeb54086ecaedaa073a6a95d4df0d8b7810185cd664c773be55
- Size
  
  710KB
- MD5
  
  b41be72917631662b809a97398b1cc2f
- SHA1
  
  86ffe8c475013335a595e45e61555d218c83ed6c
- SHA256
  
  e52686afa294deeb54086ecaedaa073a6a95d4df0d8b7810185cd664c773be55
- SHA512
  
  e6bd8298c1df98ca1d2954d419032d559afd17e55f82dcc9840114c7f8a0bb85b1eb74f84d832b172a4ba59f32fe1770db4419909fb73e83a96dacd3a79b8b39
- SSDEEP
  
  12288:8CcefLVxfez9WRoEwnHKMrMCFJEHylS43u6Zmpin3J:wQLV8zcRoTjw+JFsin
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2