imminent | a1446f8a88c9bca2fad52a0ff947da22e39c333a92cdaf94b8bea057a53a58bd | Triage

Submit
Reports

Overview

overview

Static

static

a1446f8a88...bd.exe

windows7-x64

a1446f8a88...bd.exe

windows10-2004-x64

Sharing

General

Target

a1446f8a88c9bca2fad52a0ff947da22e39c333a92cdaf94b8bea057a53a58bd
Size

710KB
Sample

221123-qsekqahg3w
MD5

5a7e77a95600488a4c71c7265ed56318
SHA1

bbe25206df08cfe42faa103c2554a01f7b7ac4c1
SHA256

a1446f8a88c9bca2fad52a0ff947da22e39c333a92cdaf94b8bea057a53a58bd
SHA512

7a89aeb0707b49cd1f372a762cb324f68728a7292fca2fc88cd73c8ddbe26f637512a51ff064d23590485afca43e11167cd2f94d5d04815a42de881f8aab2ce2
SSDEEP

12288:6Rt6IH+CDMqBTrtr1GDz7oocTRX9uciG6wH5g2fWh6Pcr7j6h:iDHRBThhGv7oHRXAM5pPK7

Score

10^/10

imminent persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

a1446f8a88c9bca2fad52a0ff947da22e39c333a92cdaf94b8bea057a53a58bd.exe

Resource

win7-20221111-en

imminent persistence spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a1446f8a88c9bca2fad52a0ff947da22e39c333a92cdaf94b8bea057a53a58bd.exe

Resource

win10v2004-20221111-en

imminent persistence spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  a1446f8a88c9bca2fad52a0ff947da22e39c333a92cdaf94b8bea057a53a58bd
- Size
  
  710KB
- MD5
  
  5a7e77a95600488a4c71c7265ed56318
- SHA1
  
  bbe25206df08cfe42faa103c2554a01f7b7ac4c1
- SHA256
  
  a1446f8a88c9bca2fad52a0ff947da22e39c333a92cdaf94b8bea057a53a58bd
- SHA512
  
  7a89aeb0707b49cd1f372a762cb324f68728a7292fca2fc88cd73c8ddbe26f637512a51ff064d23590485afca43e11167cd2f94d5d04815a42de881f8aab2ce2
- SSDEEP
  
  12288:6Rt6IH+CDMqBTrtr1GDz7oocTRX9uciG6wH5g2fWh6Pcr7j6h:iDHRBThhGv7oHRXAM5pPK7
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2024

Terms | Privacy