imminent | a1446f8a88c9bca2fad52a0ff947da22e39c333a92cdaf94b8bea057a53a58bd | Triage

Sharing

General

Target

a1446f8a88c9bca2fad52a0ff947da22e39c333a92cdaf94b8bea057a53a58bd
Size

710KB
Sample

221123-qsekqahg3w
MD5

5a7e77a95600488a4c71c7265ed56318
SHA1

bbe25206df08cfe42faa103c2554a01f7b7ac4c1
SHA256

a1446f8a88c9bca2fad52a0ff947da22e39c333a92cdaf94b8bea057a53a58bd
SHA512

7a89aeb0707b49cd1f372a762cb324f68728a7292fca2fc88cd73c8ddbe26f637512a51ff064d23590485afca43e11167cd2f94d5d04815a42de881f8aab2ce2
SSDEEP

12288:6Rt6IH+CDMqBTrtr1GDz7oocTRX9uciG6wH5g2fWh6Pcr7j6h:iDHRBThhGv7oHRXAM5pPK7

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  a1446f8a88c9bca2fad52a0ff947da22e39c333a92cdaf94b8bea057a53a58bd
- Size
  
  710KB
- MD5
  
  5a7e77a95600488a4c71c7265ed56318
- SHA1
  
  bbe25206df08cfe42faa103c2554a01f7b7ac4c1
- SHA256
  
  a1446f8a88c9bca2fad52a0ff947da22e39c333a92cdaf94b8bea057a53a58bd
- SHA512
  
  7a89aeb0707b49cd1f372a762cb324f68728a7292fca2fc88cd73c8ddbe26f637512a51ff064d23590485afca43e11167cd2f94d5d04815a42de881f8aab2ce2
- SSDEEP
  
  12288:6Rt6IH+CDMqBTrtr1GDz7oocTRX9uciG6wH5g2fWh6Pcr7j6h:iDHRBThhGv7oHRXAM5pPK7
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan