imminent | f391eb43136838d4a51bfc6f4c0fb011c00d557423952019af6e43175893f941 | Triage

Sharing

General

Target

5d4541d38a60b44647cbd0c2de0f2906_JaffaCakes118
Size

1.5MB
Sample

240520-fgyt4sdb3y
MD5

5d4541d38a60b44647cbd0c2de0f2906
SHA1

e42172475c7afeebf21b8576bd30fcf3694d1b01
SHA256

f391eb43136838d4a51bfc6f4c0fb011c00d557423952019af6e43175893f941
SHA512

0f9e36e45df36624e9e8c52e7d5883998a2bc94d37d6fe7c9ab6bc1c12be93db52c00fb2cedcecf92ed855a65d685d3b7758fd8f3c0debabbfb932a42f14acec
SSDEEP

24576:dAHnh+eWsN3skA4RV1Hom2KXMmHaAdpy6dfMMe5:8h+ZkldoPK8YaAmOM5

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  5d4541d38a60b44647cbd0c2de0f2906_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  5d4541d38a60b44647cbd0c2de0f2906
- SHA1
  
  e42172475c7afeebf21b8576bd30fcf3694d1b01
- SHA256
  
  f391eb43136838d4a51bfc6f4c0fb011c00d557423952019af6e43175893f941
- SHA512
  
  0f9e36e45df36624e9e8c52e7d5883998a2bc94d37d6fe7c9ab6bc1c12be93db52c00fb2cedcecf92ed855a65d685d3b7758fd8f3c0debabbfb932a42f14acec
- SSDEEP
  
  24576:dAHnh+eWsN3skA4RV1Hom2KXMmHaAdpy6dfMMe5:8h+ZkldoPK8YaAmOM5
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Drops startup file
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan