imminent | 99852f0501da89c3c2196603db2fb7c8b9b7a5347038d76bd6200db88e246c46 | Triage

Sharing

General

Target

fed1364a482fec067c0352b75eb3223cd70b5f7c
Size

716KB
Sample

230202-qyegxaaa53
MD5

7095eacc03da70ea1c7d70e003aa6c66
SHA1

fed1364a482fec067c0352b75eb3223cd70b5f7c
SHA256

99852f0501da89c3c2196603db2fb7c8b9b7a5347038d76bd6200db88e246c46
SHA512

3aca17f6204283e9913ca746e69838b7dabd34bb33d8f4f3b105b94fe90c2a48d36e22f731454bbe6baee0cd04c367f0448547059979518f0071a9a1bed046f7
SSDEEP

12288:JLQRuCnFdoOsVQPxh3PuTBY4mC0hZQF3/MLN5kQBPCGjezmyeOawU34v:O0CbsV6QTBYG0hZQF3/2rhBKc/XOnUov

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  PURCHASE ORDER RFQ_CF-170419S3_.exe
- Size
  
  1.1MB
- MD5
  
  10e0c2c544c56f8bb1deb536590606ff
- SHA1
  
  99a8d3a2bc97c8941d0c78bb655e2d57244706f4
- SHA256
  
  77b7607e09f39f64d606008da2c8009faf892f625843e3db0dff4ac304edba8d
- SHA512
  
  3fed3afdc39e4635bc9fb6a2525e4850c00d882b15dc8fd218c64d4df1ad4e358564cf3e13f7909aa96c0afcca1c3e48245b83e91b83fa69dd578c98b409f1ea
- SSDEEP
  
  24576:LCMmK3Aw7NM0AiSYLaTm4W0hZEd3/2dhJgM9bObUtv:LC+7q0tqT5No6wMl8Ut
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan