imminent | 5f9cce7dd917c1b227ba62a252afb08e9365a236547bfa3e073e013a1f0db655 | Triage

Submit
Reports

Overview

overview

Static

static

5f9cce7dd9...55.exe

windows7-x64

5f9cce7dd9...55.exe

windows10-2004-x64

Sharing

General

Target

5f9cce7dd917c1b227ba62a252afb08e9365a236547bfa3e073e013a1f0db655
Size

282KB
Sample

221127-b22dhsed9z
MD5

ac043974e9a4d4424f0f64484a80a024
SHA1

fe38871e518ef5e8cad4634ccf1d575bf9574315
SHA256

5f9cce7dd917c1b227ba62a252afb08e9365a236547bfa3e073e013a1f0db655
SHA512

639edfa42065d0a106646d64f62fec6905194521800bf7e058d399dbe2925ecc1a9df9ccce4c6f618f1f10443b18686cebe4f4fa64695477269b4cbdd976b368
SSDEEP

6144:W3i8duvIudDL9feU3ob3FuijpKtNKd0KS24QQipm92pFmxYPGcR:+Fuwu99W93F3KtN4rLXpkxVC

Score

10^/10

imminent persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

5f9cce7dd917c1b227ba62a252afb08e9365a236547bfa3e073e013a1f0db655.exe

Resource

win7-20220812-en

imminent persistence spyware trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

5f9cce7dd917c1b227ba62a252afb08e9365a236547bfa3e073e013a1f0db655.exe

Resource

win10v2004-20220812-en

imminent persistence spyware trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  5f9cce7dd917c1b227ba62a252afb08e9365a236547bfa3e073e013a1f0db655
- Size
  
  282KB
- MD5
  
  ac043974e9a4d4424f0f64484a80a024
- SHA1
  
  fe38871e518ef5e8cad4634ccf1d575bf9574315
- SHA256
  
  5f9cce7dd917c1b227ba62a252afb08e9365a236547bfa3e073e013a1f0db655
- SHA512
  
  639edfa42065d0a106646d64f62fec6905194521800bf7e058d399dbe2925ecc1a9df9ccce4c6f618f1f10443b18686cebe4f4fa64695477269b4cbdd976b368
- SSDEEP
  
  6144:W3i8duvIudDL9feU3ob3FuijpKtNKd0KS24QQipm92pFmxYPGcR:+Fuwu99W93F3KtN4rLXpkxVC
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2025

Terms | Privacy