imminent | 28c78b79dbd42cf8c1e6d8170c3b257246af1fa0ce52fd8e4af741f2d2fd5e95 | Triage

Sharing

General

Target

28c78b79dbd42cf8c1e6d8170c3b257246af1fa0ce52fd8e4af741f2d2fd5e95
Size

509KB
Sample

221123-r3z5vaac85
MD5

2d59e22e6944200d8608b02d3e94f23b
SHA1

7fa019f86180014abc5a3c8521bcbc883b5fff24
SHA256

28c78b79dbd42cf8c1e6d8170c3b257246af1fa0ce52fd8e4af741f2d2fd5e95
SHA512

32b66dc06b511ce0b188685967b9179eb39dbff7f20a30737ee034e2402dbe606f6372a6bb2a64b236a1b41a65253a29a1de1f1882b33e0cb46d3bf25462db31
SSDEEP

6144:6rQFs7bn4vk9O8NZ9rev5CqMYKeSVjWpr/kUmcB1SrKSo0HZM:6vO+URmW8KycBMpZS

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  28c78b79dbd42cf8c1e6d8170c3b257246af1fa0ce52fd8e4af741f2d2fd5e95
- Size
  
  509KB
- MD5
  
  2d59e22e6944200d8608b02d3e94f23b
- SHA1
  
  7fa019f86180014abc5a3c8521bcbc883b5fff24
- SHA256
  
  28c78b79dbd42cf8c1e6d8170c3b257246af1fa0ce52fd8e4af741f2d2fd5e95
- SHA512
  
  32b66dc06b511ce0b188685967b9179eb39dbff7f20a30737ee034e2402dbe606f6372a6bb2a64b236a1b41a65253a29a1de1f1882b33e0cb46d3bf25462db31
- SSDEEP
  
  6144:6rQFs7bn4vk9O8NZ9rev5CqMYKeSVjWpr/kUmcB1SrKSo0HZM:6vO+URmW8KycBMpZS
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

imminentpersistencespywaretrojan