imminent | eb975aeaaf038751aa94d25ed94e0c56107de932f236b83650ac51778ca11931 | Triage

Submit
Reports

Overview

overview

Static

static

eb975aeaaf...31.exe

windows7-x64

eb975aeaaf...31.exe

windows10-2004-x64

Sharing

General

Target

eb975aeaaf038751aa94d25ed94e0c56107de932f236b83650ac51778ca11931
Size

1.4MB
Sample

221128-w2ke8abd6t
MD5

c3a012f02656f46f5d072571531c6525
SHA1

7638c66e36ca156903cfac0ac7e69c20207e0d3c
SHA256

eb975aeaaf038751aa94d25ed94e0c56107de932f236b83650ac51778ca11931
SHA512

c4c61117ea017da1b5a4da8569ac5c0df95409408fa8f26a5950b38c188f677dd247a7d8988968d7231273f8e8e43accd389b59a42bf962f8c85d1706001fc00
SSDEEP

12288:8qOIM5nP5WBPS8n/iN6cg1wFIa0FsMps:8qA5nRkPTn/iZZItOMps

Score

10^/10

imminent persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

eb975aeaaf038751aa94d25ed94e0c56107de932f236b83650ac51778ca11931.exe

Resource

win7-20220812-en

imminent persistence spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

eb975aeaaf038751aa94d25ed94e0c56107de932f236b83650ac51778ca11931.exe

Resource

win10v2004-20220812-en

imminent persistence spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  eb975aeaaf038751aa94d25ed94e0c56107de932f236b83650ac51778ca11931
- Size
  
  1.4MB
- MD5
  
  c3a012f02656f46f5d072571531c6525
- SHA1
  
  7638c66e36ca156903cfac0ac7e69c20207e0d3c
- SHA256
  
  eb975aeaaf038751aa94d25ed94e0c56107de932f236b83650ac51778ca11931
- SHA512
  
  c4c61117ea017da1b5a4da8569ac5c0df95409408fa8f26a5950b38c188f677dd247a7d8988968d7231273f8e8e43accd389b59a42bf962f8c85d1706001fc00
- SSDEEP
  
  12288:8qOIM5nP5WBPS8n/iN6cg1wFIa0FsMps:8qA5nRkPTn/iZZItOMps
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2025

Terms | Privacy