imminent | 48e1f8993271d9a1f5b01331ba137daf7e2c00cf84772f1202c77d8d2d9f08e3 | Triage

Submit
Reports

Overview

overview

Static

static

48e1f89932...e3.exe

windows7-x64

48e1f89932...e3.exe

windows10-2004-x64

Sharing

General

Target

48e1f8993271d9a1f5b01331ba137daf7e2c00cf84772f1202c77d8d2d9f08e3
Size

1.2MB
Sample

221126-2tm42aef4s
MD5

33a67ab9f3cd79bb48c8e3db30728986
SHA1

b0154442643a0d8dafd036a501bf5e40245a0841
SHA256

48e1f8993271d9a1f5b01331ba137daf7e2c00cf84772f1202c77d8d2d9f08e3
SHA512

4c0f15131b9a5d05ded58b51fc75e1d0c2070f7b6b859b0fb84d2c5c23d8bcc257e342d8f44734004b4b48ee2be1a50f0218610ba67fdc23af2d89bc6c15fd83
SSDEEP

24576:A8ndVY0XKelcxVs1I5pYLqEeYmoRq1CNRa9XURbHudjrcSdg:A8nzYIOUQW2EeYBRq1Ag9XURbHuhm

Score

10^/10

imminent persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

48e1f8993271d9a1f5b01331ba137daf7e2c00cf84772f1202c77d8d2d9f08e3.exe

Resource

win7-20220812-en

imminent persistence spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

48e1f8993271d9a1f5b01331ba137daf7e2c00cf84772f1202c77d8d2d9f08e3.exe

Resource

win10v2004-20221111-en

imminent persistence spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  48e1f8993271d9a1f5b01331ba137daf7e2c00cf84772f1202c77d8d2d9f08e3
- Size
  
  1.2MB
- MD5
  
  33a67ab9f3cd79bb48c8e3db30728986
- SHA1
  
  b0154442643a0d8dafd036a501bf5e40245a0841
- SHA256
  
  48e1f8993271d9a1f5b01331ba137daf7e2c00cf84772f1202c77d8d2d9f08e3
- SHA512
  
  4c0f15131b9a5d05ded58b51fc75e1d0c2070f7b6b859b0fb84d2c5c23d8bcc257e342d8f44734004b4b48ee2be1a50f0218610ba67fdc23af2d89bc6c15fd83
- SSDEEP
  
  24576:A8ndVY0XKelcxVs1I5pYLqEeYmoRq1CNRa9XURbHudjrcSdg:A8nzYIOUQW2EeYBRq1Ag9XURbHuhm
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2024

Terms | Privacy