imminent | 73906a5b99b597637dceb03a5a8edb1fa42894305dd98b65b64e9de248a5306f | Triage

Sharing

General

Target

73906a5b99b597637dceb03a5a8edb1fa42894305dd98b65b64e9de248a5306f
Size

273KB
Sample

221125-3xfpssga27
MD5

fec0638146178c56fafe585c3ec2431e
SHA1

eb6e6c739da7f191cfb23e173d80daa21a2d6e71
SHA256

73906a5b99b597637dceb03a5a8edb1fa42894305dd98b65b64e9de248a5306f
SHA512

11ab5498014069a1f1375b52ab5fb0be3ec80f61f64a502013f2cf29874d9e8882b7afa72f347401873a52eea25586d1ea9d6c7dd4b55ece03b1609d2ab5b0e6
SSDEEP

6144:7cVeEqxcaAH44yo8BNE1jp1i39fjaSYcOAdNsteW8ctlml:QVdTaN4yh01nkjaSYcOeNGeZIml

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  73906a5b99b597637dceb03a5a8edb1fa42894305dd98b65b64e9de248a5306f
- Size
  
  273KB
- MD5
  
  fec0638146178c56fafe585c3ec2431e
- SHA1
  
  eb6e6c739da7f191cfb23e173d80daa21a2d6e71
- SHA256
  
  73906a5b99b597637dceb03a5a8edb1fa42894305dd98b65b64e9de248a5306f
- SHA512
  
  11ab5498014069a1f1375b52ab5fb0be3ec80f61f64a502013f2cf29874d9e8882b7afa72f347401873a52eea25586d1ea9d6c7dd4b55ece03b1609d2ab5b0e6
- SSDEEP
  
  6144:7cVeEqxcaAH44yo8BNE1jp1i39fjaSYcOAdNsteW8ctlml:QVdTaN4yh01nkjaSYcOeNGeZIml
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan