imminent | cf4668ee1fc1cccfaec7eea2123bf6c1c06fcbac189b8a893dab2c443d526277 | Triage

Submit
Reports

Overview

overview

Static

static

5

cf4668ee1f...77.exe

windows7-x64

cf4668ee1f...77.exe

windows10-2004-x64

Sharing

General

Target

cf4668ee1fc1cccfaec7eea2123bf6c1c06fcbac189b8a893dab2c443d526277
Size

1.3MB
Sample

221125-3cwkhshc6t
MD5

b508a0d602fa785703bd2137159b5765
SHA1

4ca19968a69f11b308576eba1c0883855c39cb3d
SHA256

cf4668ee1fc1cccfaec7eea2123bf6c1c06fcbac189b8a893dab2c443d526277
SHA512

0264018ab367a85cb746db332ef33518a90095324ada25bdd317cdf45fb1874ec0ad268ca919dd858ae8834b37a7c1618253ac6c8660194a4df141883d8ddeed
SSDEEP

24576:Btb20pkaCqT5TBWgNQ7aAfl56kACVuYFYG6A:SVg5tQ7a4v6kAGP5

Score

10^/10

imminent persistence spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cf4668ee1fc1cccfaec7eea2123bf6c1c06fcbac189b8a893dab2c443d526277.exe

Resource

win7-20220901-en

imminent persistence spyware trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

cf4668ee1fc1cccfaec7eea2123bf6c1c06fcbac189b8a893dab2c443d526277.exe

Resource

win10v2004-20220812-en

imminent persistence spyware trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  cf4668ee1fc1cccfaec7eea2123bf6c1c06fcbac189b8a893dab2c443d526277
- Size
  
  1.3MB
- MD5
  
  b508a0d602fa785703bd2137159b5765
- SHA1
  
  4ca19968a69f11b308576eba1c0883855c39cb3d
- SHA256
  
  cf4668ee1fc1cccfaec7eea2123bf6c1c06fcbac189b8a893dab2c443d526277
- SHA512
  
  0264018ab367a85cb746db332ef33518a90095324ada25bdd317cdf45fb1874ec0ad268ca919dd858ae8834b37a7c1618253ac6c8660194a4df141883d8ddeed
- SSDEEP
  
  24576:Btb20pkaCqT5TBWgNQ7aAfl56kACVuYFYG6A:SVg5tQ7a4v6kAGP5
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2025

Terms | Privacy