imminent | a60c8f0490534472a789ebd6a3d9646b0c4508af4c4004a3717a4c0405be269d | Triage

Submit
Reports

Overview

overview

Static

static

a60c8f0490...9d.exe

windows7-x64

a60c8f0490...9d.exe

windows10-2004-x64

Sharing

General

Target

a60c8f0490534472a789ebd6a3d9646b0c4508af4c4004a3717a4c0405be269d
Size

780KB
Sample

221123-trzfaahh9z
MD5

1e85709c537a55ca4816aad062848fd7
SHA1

c5e1bc1c8b77148130832cd5127a1f5ffd31d789
SHA256

a60c8f0490534472a789ebd6a3d9646b0c4508af4c4004a3717a4c0405be269d
SHA512

f36f6fa98b7ce75424d45638f9353cadb753b6df0000cd973ebe6c7317ff7cc1c934416e426d3f4339fb1b97426e60ac8734d320da94bcae77af62f061147917
SSDEEP

12288:0q+oM6kHhiITgsJxhk51g7Cd7wdqTxuCi+7zXHYDe0vSvqINrsfo:0JVhRJx62767j9i2GaLj

Score

10^/10

imminent persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

a60c8f0490534472a789ebd6a3d9646b0c4508af4c4004a3717a4c0405be269d.exe

Resource

win7-20221111-en

imminent persistence spyware trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

a60c8f0490534472a789ebd6a3d9646b0c4508af4c4004a3717a4c0405be269d.exe

Resource

win10v2004-20221111-en

imminent persistence spyware trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  a60c8f0490534472a789ebd6a3d9646b0c4508af4c4004a3717a4c0405be269d
- Size
  
  780KB
- MD5
  
  1e85709c537a55ca4816aad062848fd7
- SHA1
  
  c5e1bc1c8b77148130832cd5127a1f5ffd31d789
- SHA256
  
  a60c8f0490534472a789ebd6a3d9646b0c4508af4c4004a3717a4c0405be269d
- SHA512
  
  f36f6fa98b7ce75424d45638f9353cadb753b6df0000cd973ebe6c7317ff7cc1c934416e426d3f4339fb1b97426e60ac8734d320da94bcae77af62f061147917
- SSDEEP
  
  12288:0q+oM6kHhiITgsJxhk51g7Cd7wdqTxuCi+7zXHYDe0vSvqINrsfo:0JVhRJx62767j9i2GaLj
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2025

Terms | Privacy