imminent | c55f22213dda901e2b97ccce6f5e46abd008c7a07eb7fe9ca8ce3c5bcc1dee95 | Triage

Submit
Reports

Overview

overview

Static

static

c55f22213d...95.exe

windows7-x64

c55f22213d...95.exe

windows10-2004-x64

Sharing

General

Target

c55f22213dda901e2b97ccce6f5e46abd008c7a07eb7fe9ca8ce3c5bcc1dee95
Size

352KB
Sample

221127-ajbjpsad9y
MD5

6120e5e74937174530953b8b465e262e
SHA1

c4eed2041c3fd371b945b46bf2c1a8c008139f1b
SHA256

c55f22213dda901e2b97ccce6f5e46abd008c7a07eb7fe9ca8ce3c5bcc1dee95
SHA512

0417beb2dea331199a57a01b4c8169c52bc6e4475975fd726664395e02b9ac012e54d19ec991fa72745116d636ebc2c7ebcba07f0da6129f24cf2207b509ca3e
SSDEEP

6144:gRaO5ZNlcj2iMDMmeY0ixpeQRokqmnQw1ToomRPX/sSMPXOkNp0QHkBAYn8V:5wcaDMmeY7xpbtnh16RPXElPXOkNaqMn

Score

10^/10

imminent persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

c55f22213dda901e2b97ccce6f5e46abd008c7a07eb7fe9ca8ce3c5bcc1dee95.exe

Resource

win7-20220901-en

imminent persistence spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c55f22213dda901e2b97ccce6f5e46abd008c7a07eb7fe9ca8ce3c5bcc1dee95.exe

Resource

win10v2004-20220812-en

imminent persistence spyware trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  c55f22213dda901e2b97ccce6f5e46abd008c7a07eb7fe9ca8ce3c5bcc1dee95
- Size
  
  352KB
- MD5
  
  6120e5e74937174530953b8b465e262e
- SHA1
  
  c4eed2041c3fd371b945b46bf2c1a8c008139f1b
- SHA256
  
  c55f22213dda901e2b97ccce6f5e46abd008c7a07eb7fe9ca8ce3c5bcc1dee95
- SHA512
  
  0417beb2dea331199a57a01b4c8169c52bc6e4475975fd726664395e02b9ac012e54d19ec991fa72745116d636ebc2c7ebcba07f0da6129f24cf2207b509ca3e
- SSDEEP
  
  6144:gRaO5ZNlcj2iMDMmeY0ixpeQRokqmnQw1ToomRPX/sSMPXOkNp0QHkBAYn8V:5wcaDMmeY7xpbtnh16RPXElPXOkNaqMn
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2025

Terms | Privacy