imminent | 9434d6dd691283af18d896864788e34333f59e667bbcb545a888e94122a64167 | Triage

Submit
Reports

Overview

overview

Static

static

5

9434d6dd69...67.exe

windows7-x64

9434d6dd69...67.exe

windows10-2004-x64

Sharing

General

Target

9434d6dd691283af18d896864788e34333f59e667bbcb545a888e94122a64167
Size

1.2MB
Sample

221127-kjq99sch75
MD5

379e0df959d125dd0918429f05dd1ef1
SHA1

5d1fb50bd62fd90ff48b32edc704a85d099ee76b
SHA256

9434d6dd691283af18d896864788e34333f59e667bbcb545a888e94122a64167
SHA512

8b5786797012e01518def2fbda2d034d81012863e869728d94d06ce9b3c5ccedbf02e2f6840edcef9640ea1db8753f8e0a49d3a35ccc00d04d643addd8bcfd74
SSDEEP

24576:Rtb20pkaCqT5TBWgNQ7aggjTjiXxhFMxqWvg3b0g46A:iVg5tQ7aZjTjiXxcxNIYd5

Score

10^/10

imminent persistence spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9434d6dd691283af18d896864788e34333f59e667bbcb545a888e94122a64167.exe

Resource

win7-20220812-en

imminent persistence spyware trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

9434d6dd691283af18d896864788e34333f59e667bbcb545a888e94122a64167.exe

Resource

win10v2004-20220812-en

imminent persistence spyware trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  9434d6dd691283af18d896864788e34333f59e667bbcb545a888e94122a64167
- Size
  
  1.2MB
- MD5
  
  379e0df959d125dd0918429f05dd1ef1
- SHA1
  
  5d1fb50bd62fd90ff48b32edc704a85d099ee76b
- SHA256
  
  9434d6dd691283af18d896864788e34333f59e667bbcb545a888e94122a64167
- SHA512
  
  8b5786797012e01518def2fbda2d034d81012863e869728d94d06ce9b3c5ccedbf02e2f6840edcef9640ea1db8753f8e0a49d3a35ccc00d04d643addd8bcfd74
- SSDEEP
  
  24576:Rtb20pkaCqT5TBWgNQ7aggjTjiXxhFMxqWvg3b0g46A:iVg5tQ7aZjTjiXxcxNIYd5
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2025

Terms | Privacy