imminent | d0ad43c1114c175dcc0480f6fc9965a6356d927957474c7d9a9f5ca0ae5e15ba | Triage

Sharing

General

Target

d0ad43c1114c175dcc0480f6fc9965a6356d927957474c7d9a9f5ca0ae5e15ba
Size

272KB
Sample

221126-1accrafa43
MD5

a374384e1b398b929e3ff31be5579c80
SHA1

921f79049cc4c23304cdfefdd844b84aeeed87a1
SHA256

d0ad43c1114c175dcc0480f6fc9965a6356d927957474c7d9a9f5ca0ae5e15ba
SHA512

7d81967fb224ccaa379763d649b15d78292c6a8cc6cc588607418a3b0c1e6afa7526eb02e99e74f623a9280b5531cd206928bc788462aab931f2aafd08d4c57e
SSDEEP

6144:6MrGiRoPEsoIQX/S+uCl+s9tCvacVOqgOBCctl+m:nrzC8s1kl+s9tsaWOqgOYIn

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  d0ad43c1114c175dcc0480f6fc9965a6356d927957474c7d9a9f5ca0ae5e15ba
- Size
  
  272KB
- MD5
  
  a374384e1b398b929e3ff31be5579c80
- SHA1
  
  921f79049cc4c23304cdfefdd844b84aeeed87a1
- SHA256
  
  d0ad43c1114c175dcc0480f6fc9965a6356d927957474c7d9a9f5ca0ae5e15ba
- SHA512
  
  7d81967fb224ccaa379763d649b15d78292c6a8cc6cc588607418a3b0c1e6afa7526eb02e99e74f623a9280b5531cd206928bc788462aab931f2aafd08d4c57e
- SSDEEP
  
  6144:6MrGiRoPEsoIQX/S+uCl+s9tCvacVOqgOBCctl+m:nrzC8s1kl+s9tsaWOqgOYIn
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan