imminent | e82ce1fcb3f98208cc5b028382132c0e201c3688c147d5f6d2150223e70bb517 | Triage

Submit
Reports

Overview

overview

Static

static

e82ce1fcb3...17.exe

windows7-x64

e82ce1fcb3...17.exe

windows10-2004-x64

Sharing

General

Target

e82ce1fcb3f98208cc5b028382132c0e201c3688c147d5f6d2150223e70bb517
Size

608KB
Sample

221124-ezc5paca9s
MD5

22b68e8a9572775e7a9ea9ab215fdd4c
SHA1

1416c3fdcafd6a6c4c6c0f4b1a4bdbfceb057733
SHA256

e82ce1fcb3f98208cc5b028382132c0e201c3688c147d5f6d2150223e70bb517
SHA512

59a3a92b22dcf285f3c978585f2341b94a5784df069964ed3afa8026a71271189b543c848af4db4202386187e43c95605779127a1316ce7c2fc98da0f2c4dbc0
SSDEEP

12288:u9uAMJd+ZVA7lubbZWLDBiJUfU9OS8feM2:u9u1/lublm1iK6t

Score

10^/10

imminent persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

e82ce1fcb3f98208cc5b028382132c0e201c3688c147d5f6d2150223e70bb517.exe

Resource

win7-20221111-en

imminent persistence spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e82ce1fcb3f98208cc5b028382132c0e201c3688c147d5f6d2150223e70bb517.exe

Resource

win10v2004-20220812-en

imminent persistence spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  e82ce1fcb3f98208cc5b028382132c0e201c3688c147d5f6d2150223e70bb517
- Size
  
  608KB
- MD5
  
  22b68e8a9572775e7a9ea9ab215fdd4c
- SHA1
  
  1416c3fdcafd6a6c4c6c0f4b1a4bdbfceb057733
- SHA256
  
  e82ce1fcb3f98208cc5b028382132c0e201c3688c147d5f6d2150223e70bb517
- SHA512
  
  59a3a92b22dcf285f3c978585f2341b94a5784df069964ed3afa8026a71271189b543c848af4db4202386187e43c95605779127a1316ce7c2fc98da0f2c4dbc0
- SSDEEP
  
  12288:u9uAMJd+ZVA7lubbZWLDBiJUfU9OS8feM2:u9u1/lublm1iK6t
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2024

Terms | Privacy