imminent | a4f3f4ffb7e625b76cc509b7c49d98669f0e0f5b3dde5b241d1b30c3d51d0635 | Triage

Sharing

General

Target

a4f3f4ffb7e625b76cc509b7c49d98669f0e0f5b3dde5b241d1b30c3d51d0635
Size

452KB
Sample

221125-tc35xshf22
MD5

88140b8a47b523da3f16de466e6ddbd7
SHA1

889dfdd52e48616862f48428e5fcb145d9a88255
SHA256

a4f3f4ffb7e625b76cc509b7c49d98669f0e0f5b3dde5b241d1b30c3d51d0635
SHA512

d6e7fe3dbbf75745ec4da3371051d3b12a0677f8d20b28487b9ba017c19be758d561434ff8b6be1def6984fb5c83646d44f8b9d0ea09e2aa96d5eef6bb399452
SSDEEP

12288:KFhlFYQMvgPhzLuvBszuKmx+Dj3Avzxenf4/41:KrlyQJzLuQu/+/3Yzxenf4g

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  a4f3f4ffb7e625b76cc509b7c49d98669f0e0f5b3dde5b241d1b30c3d51d0635
- Size
  
  452KB
- MD5
  
  88140b8a47b523da3f16de466e6ddbd7
- SHA1
  
  889dfdd52e48616862f48428e5fcb145d9a88255
- SHA256
  
  a4f3f4ffb7e625b76cc509b7c49d98669f0e0f5b3dde5b241d1b30c3d51d0635
- SHA512
  
  d6e7fe3dbbf75745ec4da3371051d3b12a0677f8d20b28487b9ba017c19be758d561434ff8b6be1def6984fb5c83646d44f8b9d0ea09e2aa96d5eef6bb399452
- SSDEEP
  
  12288:KFhlFYQMvgPhzLuvBszuKmx+Dj3Avzxenf4/41:KrlyQJzLuQu/+/3Yzxenf4g
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan