imminent | 4d323f4ec3880f6cbb6433e058cb73caf457f536f9c94c8c3e69eb2b5917780b | Triage

Submit
Reports

Overview

overview

Static

static

4d323f4ec3...0b.exe

windows7-x64

4d323f4ec3...0b.exe

windows10-2004-x64

Sharing

General

Target

4d323f4ec3880f6cbb6433e058cb73caf457f536f9c94c8c3e69eb2b5917780b
Size

1.5MB
Sample

221128-n9vl6agc2y
MD5

776849df995af2da444c2a6bd2e0e26c
SHA1

fd34715a18c64255f251ee719de24d52ecbd05eb
SHA256

4d323f4ec3880f6cbb6433e058cb73caf457f536f9c94c8c3e69eb2b5917780b
SHA512

6350f90df1ed840734dba2c0b5811cd9981062c2debe38c1a119869ad3bee20614592b6d6ec3f7e9253e3ddc6c1bbb83e4204f53a79f97e9fe9d2787bf7141e3
SSDEEP

24576:on0Rx12kuM4KOn1TDMc3FoYoGgnTuiVaUxw7VazA0hakPm8TRa:Aku7KOnRZoxnyiAUx4VaJaga

Score

10^/10

imminent persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

4d323f4ec3880f6cbb6433e058cb73caf457f536f9c94c8c3e69eb2b5917780b.exe

Resource

win7-20220812-en

imminent persistence spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

4d323f4ec3880f6cbb6433e058cb73caf457f536f9c94c8c3e69eb2b5917780b.exe

Resource

win10v2004-20220901-en

imminent persistence spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  4d323f4ec3880f6cbb6433e058cb73caf457f536f9c94c8c3e69eb2b5917780b
- Size
  
  1.5MB
- MD5
  
  776849df995af2da444c2a6bd2e0e26c
- SHA1
  
  fd34715a18c64255f251ee719de24d52ecbd05eb
- SHA256
  
  4d323f4ec3880f6cbb6433e058cb73caf457f536f9c94c8c3e69eb2b5917780b
- SHA512
  
  6350f90df1ed840734dba2c0b5811cd9981062c2debe38c1a119869ad3bee20614592b6d6ec3f7e9253e3ddc6c1bbb83e4204f53a79f97e9fe9d2787bf7141e3
- SSDEEP
  
  24576:on0Rx12kuM4KOn1TDMc3FoYoGgnTuiVaUxw7VazA0hakPm8TRa:Aku7KOnRZoxnyiAUx4VaJaga
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2024

Terms | Privacy