imminent | 114ad38ef50939dbc71a24923dff65aad0167b7679805d3c3a5a2fd4b6925247 | Triage

Sharing

General

Target

0a37ecfea5074fff2de431e643e74af0_JaffaCakes118
Size

693KB
Sample

240430-v3v3nsbg2z
MD5

0a37ecfea5074fff2de431e643e74af0
SHA1

4ff3dfa39ae7fd46772c30ff547ed935e134396f
SHA256

114ad38ef50939dbc71a24923dff65aad0167b7679805d3c3a5a2fd4b6925247
SHA512

7ee5854e7e3cebf76de910b47f427095c420cd27c227d74cd0c62e44f2adfc429c1abb02391cc7ca15df28a99ce471c4912d4a41fc43e234d78029f330f3c33f
SSDEEP

12288:tSIzbMSwyUI2buNNqwfVsQV2wWU4dh2hPnmrTVr5i38VeUbBxjv:tSibMSws2SqwGuZUgz3kXjv

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  0a37ecfea5074fff2de431e643e74af0_JaffaCakes118
- Size
  
  693KB
- MD5
  
  0a37ecfea5074fff2de431e643e74af0
- SHA1
  
  4ff3dfa39ae7fd46772c30ff547ed935e134396f
- SHA256
  
  114ad38ef50939dbc71a24923dff65aad0167b7679805d3c3a5a2fd4b6925247
- SHA512
  
  7ee5854e7e3cebf76de910b47f427095c420cd27c227d74cd0c62e44f2adfc429c1abb02391cc7ca15df28a99ce471c4912d4a41fc43e234d78029f330f3c33f
- SSDEEP
  
  12288:tSIzbMSwyUI2buNNqwfVsQV2wWU4dh2hPnmrTVr5i38VeUbBxjv:tSibMSws2SqwGuZUgz3kXjv
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan