imminent | 7c6797d7876998723dcc421e995b06548610c3eabe4d40d1827c76b168f654a2 | Triage

Sharing

General

Target

7c6797d7876998723dcc421e995b06548610c3eabe4d40d1827c76b168f654a2
Size

272KB
Sample

221127-a5fesabh8w
MD5

cf0956913ec4b58d1c30ff6e2d5df829
SHA1

5bcb282df2cac032df8130d029bade10f2a4c2ef
SHA256

7c6797d7876998723dcc421e995b06548610c3eabe4d40d1827c76b168f654a2
SHA512

c335c2d88e6129b6563f822fb13cd688731ed783db364bb54b6f4d6e3813301197bcb77a39d4f9ec21a49e13e95fb224d95911cc4276cd5094548326303a7699
SSDEEP

6144:zAUqEQ4Nq7CC4B24uUxk72vluD0CaHctlQ:YEQ4N7CW2YkqQvEI

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  7c6797d7876998723dcc421e995b06548610c3eabe4d40d1827c76b168f654a2
- Size
  
  272KB
- MD5
  
  cf0956913ec4b58d1c30ff6e2d5df829
- SHA1
  
  5bcb282df2cac032df8130d029bade10f2a4c2ef
- SHA256
  
  7c6797d7876998723dcc421e995b06548610c3eabe4d40d1827c76b168f654a2
- SHA512
  
  c335c2d88e6129b6563f822fb13cd688731ed783db364bb54b6f4d6e3813301197bcb77a39d4f9ec21a49e13e95fb224d95911cc4276cd5094548326303a7699
- SSDEEP
  
  6144:zAUqEQ4Nq7CC4B24uUxk72vluD0CaHctlQ:YEQ4N7CW2YkqQvEI
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan