imminent | 9bb32479c6ab4c4183e6786bb0c0209a9563adbc1a01f426e9c309b156c3c980 | Triage

Sharing

General

Target

9bb32479c6ab4c4183e6786bb0c0209a9563adbc1a01f426e9c309b156c3c980
Size

341KB
Sample

221125-3n3szaac6z
MD5

b71297fc07c65a8bbc77dc95d1370aec
SHA1

22f51ce0e1add2a9b5b9a58e0f9917a851ac4026
SHA256

9bb32479c6ab4c4183e6786bb0c0209a9563adbc1a01f426e9c309b156c3c980
SHA512

f47e63e7dddbd17e56ff08db586b87ecad425933a2b1caf55cfab544a246e037d26acfadce5d95173a92b8f48668e9adab696f94081c05e30ba8ce58c22a0970
SSDEEP

6144:dli+u8SuAKUFllL/eM8+m0/oIMEXCiWONRM3/GD7ClYGAmlLjXNlXXxNbJndgtN3:dm8HAxFlkM8+m0QIMESFmRU/QFvojXN+

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  9bb32479c6ab4c4183e6786bb0c0209a9563adbc1a01f426e9c309b156c3c980
- Size
  
  341KB
- MD5
  
  b71297fc07c65a8bbc77dc95d1370aec
- SHA1
  
  22f51ce0e1add2a9b5b9a58e0f9917a851ac4026
- SHA256
  
  9bb32479c6ab4c4183e6786bb0c0209a9563adbc1a01f426e9c309b156c3c980
- SHA512
  
  f47e63e7dddbd17e56ff08db586b87ecad425933a2b1caf55cfab544a246e037d26acfadce5d95173a92b8f48668e9adab696f94081c05e30ba8ce58c22a0970
- SSDEEP
  
  6144:dli+u8SuAKUFllL/eM8+m0/oIMEXCiWONRM3/GD7ClYGAmlLjXNlXXxNbJndgtN3:dm8HAxFlkM8+m0QIMESFmRU/QFvojXN+
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan