imminent | 73a921d79c629a62d12cb03c5474b59f2e47fba3cd134d9c297bf6caa9d29be8 | Triage

Submit
Reports

Overview

overview

Static

static

1

18c5c1b72a...18.msi

windows7-x64

18c5c1b72a...18.msi

windows10-2004-x64

Sharing

General

Target

18c5c1b72a7764010ddb0c29f6104eaf_JaffaCakes118
Size

2.1MB
Sample

240505-wswf5agh7y
MD5

18c5c1b72a7764010ddb0c29f6104eaf
SHA1

c0897b37b631fac818e31aac6fbd76cdbe24d131
SHA256

73a921d79c629a62d12cb03c5474b59f2e47fba3cd134d9c297bf6caa9d29be8
SHA512

635d3f9f13217147daa06938d84998acec57ee81203d4a69ef3eb2154dc1cb79b8696d59e0c585b8fa43d38c2d3aa1a7f2dd1fe2dbab60978c9bc0d9abeb52ed
SSDEEP

49152:H5EVRAJdD1Z/cusQrWxE/J92+DA4sqOo7/z:ZEVRUdDb0+yEB5DKA

Score

10^/10

imminent agilenet spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

18c5c1b72a7764010ddb0c29f6104eaf_JaffaCakes118.msi

Resource

win7-20240215-en

imminent agilenet spyware trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

18c5c1b72a7764010ddb0c29f6104eaf_JaffaCakes118.msi

Resource

win10v2004-20240419-en

imminent agilenet spyware trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  18c5c1b72a7764010ddb0c29f6104eaf_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  18c5c1b72a7764010ddb0c29f6104eaf
- SHA1
  
  c0897b37b631fac818e31aac6fbd76cdbe24d131
- SHA256
  
  73a921d79c629a62d12cb03c5474b59f2e47fba3cd134d9c297bf6caa9d29be8
- SHA512
  
  635d3f9f13217147daa06938d84998acec57ee81203d4a69ef3eb2154dc1cb79b8696d59e0c585b8fa43d38c2d3aa1a7f2dd1fe2dbab60978c9bc0d9abeb52ed
- SSDEEP
  
  49152:H5EVRAJdD1Z/cusQrWxE/J92+DA4sqOo7/z:ZEVRUdDb0+yEB5DKA
Score

10^/10

imminent agilenet spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Drops startup file
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

imminentagilenetspywaretrojan

behavioral2

imminentagilenetspywaretrojan

© 2018-2024

Terms | Privacy