imminent | d0c55a35e1e92414c67c3f8f79c6e5c8736e6039cac4b13378c7abd3e87579b7 | Triage

Sharing

General

Target

772fa45757a013a313e433bd224a1147_JaffaCakes118
Size

2.1MB
Sample

240526-3l1ktshc25
MD5

772fa45757a013a313e433bd224a1147
SHA1

7d0982c97106628da7bedda960725ba99c99080c
SHA256

d0c55a35e1e92414c67c3f8f79c6e5c8736e6039cac4b13378c7abd3e87579b7
SHA512

4ae6a7d8ace0f9d2ae6cdfb30d14a52d5310c10f3a44a888a2ab4ed1b24f0bfb394fa32786357db6adf73b6f1a6cf04350d13f1ac89926778dec6c292dd6e51d
SSDEEP

49152:mN8KROOiLDFL4GTlLLii7a4HDEtoujA+Or/aiWeb1HAOzj:waD/TlfxxDEbjA+SSi3b1bj

Score

10^/10

imminent evasion persistence spyware trojan

Malware Config

Targets

- Target
  
  NjRAT 0.7D/njRAT v0.7d/njRAT v0.7d.exe
- Size
  
  2.1MB
- MD5
  
  82797e8e4f73c21fbafe42c0f0a6af02
- SHA1
  
  3a3c35c40b15969ea5c4ab466d5df56f3cfd60ed
- SHA256
  
  903d1bf52ade4faa221f0b264f1ac2bc816ff82c21542fde9b03d650f85d5ec9
- SHA512
  
  21a547080da7aafcd62e3fa588e80d99a3eec23a9bc70789a9402331b41a9996086061748b2ca9b3ad056fb44b585fc85aad7a98950bca543a0979d4aaf06c97
- SSDEEP
  
  24576:/tNAFB4Uzr6UeRmmZg8ADHWsJuFfo5jYbYzHSG/UpnMUnFz3Y/l0FbKXjGHO/gF7:/Xw+Fb3HOYF2
Score

10^/10

imminent evasion persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentevasionpersistencespywaretrojan

behavioral2

imminentevasionpersistencespywaretrojan