Overview

overview

10

Static

static

3

Imminent M... 5.zip

windows7-x64

10

Imminent M... 5.zip

windows10-1703-x64

10

Imminent M... 5.zip

windows10-2004-x64

10

Imminent M... 5.zip

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Imminent Monitor 5.zip

  • Size

    90.7MB

  • Sample

    240125-v26g1sbfg5

  • MD5

    acbfd95a52f809b3b6503e8b7d56ca1e

  • SHA1

    f2bad191092a050d539c9ce4b24b7acf4679e016

  • SHA256

    3f1a5c8a16513c0a906df7062820a2f260023e950a364a7b0bb6b7c14ac84657

  • SHA512

    9438b9bf8869c4b276d3169b29c7ab4e5264e31bb7a4d3346fb662af8da2fcd69fa84283576811164a67f1fe181667e9a25d2cfaaa788d1d9a4b9583a8ffe3a7

  • SSDEEP

    1572864:GIZVbryhuJj42XMP5NTEU3VMFWSy8A94GHcXleqXVtNnbfj7:Gqag82uh3VzSyv94GHYeqFtNH7

Score
10/10
imminentkinsingloaderpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      Imminent Monitor 5.zip

    • Size

      90.7MB

    • MD5

      acbfd95a52f809b3b6503e8b7d56ca1e

    • SHA1

      f2bad191092a050d539c9ce4b24b7acf4679e016

    • SHA256

      3f1a5c8a16513c0a906df7062820a2f260023e950a364a7b0bb6b7c14ac84657

    • SHA512

      9438b9bf8869c4b276d3169b29c7ab4e5264e31bb7a4d3346fb662af8da2fcd69fa84283576811164a67f1fe181667e9a25d2cfaaa788d1d9a4b9583a8ffe3a7

    • SSDEEP

      1572864:GIZVbryhuJj42XMP5NTEU3VMFWSy8A94GHcXleqXVtNnbfj7:Gqag82uh3VzSyv94GHYeqFtNH7

    Score
    10/10
    imminentspywaretrojankinsingloaderpersistencestealer

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

      trojanspywareimminent

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks