imminent | bef47ee580d767276ad81f9a62b9a0665d385900caf7d699833478febf630ca6 | Triage

Sharing

General

Target

bef47ee580d767276ad81f9a62b9a0665d385900caf7d699833478febf630ca6
Size

1.0MB
Sample

221127-cbrl3afb7w
MD5

9b394d1298054e46b9a6c02a913cc154
SHA1

6c3b703c40c7c6b6fa8b20b1addc6c9486b44e4c
SHA256

bef47ee580d767276ad81f9a62b9a0665d385900caf7d699833478febf630ca6
SHA512

7d2fd065aab337958642dd3cb3df399a2f20890e0d8edb9221e62376000e33eeaa964c26afe08734e73303e239275f91d8f12d35aef9052c7ddea902f65cf22e
SSDEEP

12288:uQJcusgHkUdJSeuLzjQP32bZfGce3HPDbI31C42gFzuw5uaAoCgGnDY:ucvEiJTuXm2bEcKu8Pg/GnD

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  bef47ee580d767276ad81f9a62b9a0665d385900caf7d699833478febf630ca6
- Size
  
  1.0MB
- MD5
  
  9b394d1298054e46b9a6c02a913cc154
- SHA1
  
  6c3b703c40c7c6b6fa8b20b1addc6c9486b44e4c
- SHA256
  
  bef47ee580d767276ad81f9a62b9a0665d385900caf7d699833478febf630ca6
- SHA512
  
  7d2fd065aab337958642dd3cb3df399a2f20890e0d8edb9221e62376000e33eeaa964c26afe08734e73303e239275f91d8f12d35aef9052c7ddea902f65cf22e
- SSDEEP
  
  12288:uQJcusgHkUdJSeuLzjQP32bZfGce3HPDbI31C42gFzuw5uaAoCgGnDY:ucvEiJTuXm2bEcKu8Pg/GnD
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan