imminent | 0b4eeabdc96cc162048d7044c76a3a7beb38c412211509f8353b09330c094e8c | Triage

Sharing

General

Target

0b4eeabdc96cc162048d7044c76a3a7beb38c412211509f8353b09330c094e8c
Size

928KB
Sample

221123-sdp41sba89
MD5

4e18999a9eb7a19a2a11b2bde42a3986
SHA1

804c53fd650b947ff4a38e091151e408db7db81d
SHA256

0b4eeabdc96cc162048d7044c76a3a7beb38c412211509f8353b09330c094e8c
SHA512

b901c52d7602695abb4688bdcd1f5e88e7adb2231182ffcb2c0515eb371d1d1afc99583e3be63e7a34df3055c6797109350ed45e336621064059eebf800680e2
SSDEEP

12288:dKv6gQuk6Ht9LPPZIG8oJ+fOFXQee7omDdFivT0VYaqVd5Ack:4CgQYHLPPZITOFgeW+oDqG

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  0b4eeabdc96cc162048d7044c76a3a7beb38c412211509f8353b09330c094e8c
- Size
  
  928KB
- MD5
  
  4e18999a9eb7a19a2a11b2bde42a3986
- SHA1
  
  804c53fd650b947ff4a38e091151e408db7db81d
- SHA256
  
  0b4eeabdc96cc162048d7044c76a3a7beb38c412211509f8353b09330c094e8c
- SHA512
  
  b901c52d7602695abb4688bdcd1f5e88e7adb2231182ffcb2c0515eb371d1d1afc99583e3be63e7a34df3055c6797109350ed45e336621064059eebf800680e2
- SSDEEP
  
  12288:dKv6gQuk6Ht9LPPZIG8oJ+fOFXQee7omDdFivT0VYaqVd5Ack:4CgQYHLPPZITOFgeW+oDqG
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2