imminent | 00039be931e4e18d0b62df135a5bfc5457365c6797f1153076baa6366e347130 | Triage

Submit
Reports

Overview

overview

Static

static

00039be931...30.exe

windows7-x64

00039be931...30.exe

windows10-2004-x64

Sharing

General

Target

00039be931e4e18d0b62df135a5bfc5457365c6797f1153076baa6366e347130
Size

354KB
Sample

240304-vl5wjsgf43
MD5

c5751319ba50158c8d86bdc778b82e58
SHA1

944999322cd74164446a9d4ba0dd62cbbb4fe53c
SHA256

00039be931e4e18d0b62df135a5bfc5457365c6797f1153076baa6366e347130
SHA512

bff0e83e01a561001e293ed8d9deaaa97468dd7d53ee4a9d04a1f018dbb233a6ed02495aab321725a6e17f1e7dcd43c079e0dd268d93ca56b765c7f98f2d467b
SSDEEP

3072:0wi51kpjgUdkY8NvaKUGVy1ltYWVnXKiivnFOq43yUQBB3cuAUXLinIcsHtPbXl/:wopjgUqY84yLWVkt3HhObgzvDROyE4Z

Score

10^/10

imminent persistence spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

00039be931e4e18d0b62df135a5bfc5457365c6797f1153076baa6366e347130.exe

Resource

win7-20240215-en

imminent persistence spyware trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

00039be931e4e18d0b62df135a5bfc5457365c6797f1153076baa6366e347130.exe

Resource

win10v2004-20240226-en

imminent persistence spyware trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  00039be931e4e18d0b62df135a5bfc5457365c6797f1153076baa6366e347130
- Size
  
  354KB
- MD5
  
  c5751319ba50158c8d86bdc778b82e58
- SHA1
  
  944999322cd74164446a9d4ba0dd62cbbb4fe53c
- SHA256
  
  00039be931e4e18d0b62df135a5bfc5457365c6797f1153076baa6366e347130
- SHA512
  
  bff0e83e01a561001e293ed8d9deaaa97468dd7d53ee4a9d04a1f018dbb233a6ed02495aab321725a6e17f1e7dcd43c079e0dd268d93ca56b765c7f98f2d467b
- SSDEEP
  
  3072:0wi51kpjgUdkY8NvaKUGVy1ltYWVnXKiivnFOq43yUQBB3cuAUXLinIcsHtPbXl/:wopjgUqY84yLWVkt3HhObgzvDROyE4Z
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Detects executables packed with ConfuserEx Custom; outside of GIT
- Detects executables packed with ConfuserEx Mod
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2025

Terms | Privacy