imminent | 2bdee6400f5294dd19ed125b5f9cd8912afa1e3ee52d2d42774bc56f7915b2fb | Triage

Sharing

General

Target

2bdee6400f5294dd19ed125b5f9cd8912afa1e3ee52d2d42774bc56f7915b2fb
Size

496KB
Sample

221127-bx2tgsae96
MD5

29af9cab1531d6c0ed639af512cf27ac
SHA1

5b715bdebeceb3317344a45c26e12532e6ec2b04
SHA256

2bdee6400f5294dd19ed125b5f9cd8912afa1e3ee52d2d42774bc56f7915b2fb
SHA512

a6143c8ba490067b0bb60541315cbf62990c96dfacea52312d6dc2b75d64fe01db32f40a9e16c286122f40aa38124572a218fdeea7fe3a586bba6ca8a7cde690
SSDEEP

6144:gVU0tvTGtvSTEsaSHFHsBHdwRAvEkYARm2KIwCAQpUOxSjxykI:ga0t5zHtnRATHRm2KIwCvUOxSjx+

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  2bdee6400f5294dd19ed125b5f9cd8912afa1e3ee52d2d42774bc56f7915b2fb
- Size
  
  496KB
- MD5
  
  29af9cab1531d6c0ed639af512cf27ac
- SHA1
  
  5b715bdebeceb3317344a45c26e12532e6ec2b04
- SHA256
  
  2bdee6400f5294dd19ed125b5f9cd8912afa1e3ee52d2d42774bc56f7915b2fb
- SHA512
  
  a6143c8ba490067b0bb60541315cbf62990c96dfacea52312d6dc2b75d64fe01db32f40a9e16c286122f40aa38124572a218fdeea7fe3a586bba6ca8a7cde690
- SSDEEP
  
  6144:gVU0tvTGtvSTEsaSHFHsBHdwRAvEkYARm2KIwCAQpUOxSjxykI:ga0t5zHtnRATHRm2KIwCvUOxSjx+
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2