imminent | a022ba42dfa1f0e62d45b0f333d00fb5edc2c2aada060a1a8c7f89522ed020f2 | Triage

Sharing

General

Target

8184243fbfd1d32d461404890695adb7_JaffaCakes118
Size

1.6MB
Sample

240529-xeag6sdf8z
MD5

8184243fbfd1d32d461404890695adb7
SHA1

0b321e759af79716c82d3e3abf4940a0ccc15a05
SHA256

a022ba42dfa1f0e62d45b0f333d00fb5edc2c2aada060a1a8c7f89522ed020f2
SHA512

4252c057489288621abea0a1972ddc1307a3fa11369d94c2155dd36c28f9d07ac5827cceedda2535c7b36328a8a58bb12f380f865e5baad616d4b038e3f8ae27
SSDEEP

49152:ykwkn9IMHeaB2VUyjDk00O2IkJnx/NDaPCS:xdnVIVpjD6BXz1ePC

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  8184243fbfd1d32d461404890695adb7_JaffaCakes118
- Size
  
  1.6MB
- MD5
  
  8184243fbfd1d32d461404890695adb7
- SHA1
  
  0b321e759af79716c82d3e3abf4940a0ccc15a05
- SHA256
  
  a022ba42dfa1f0e62d45b0f333d00fb5edc2c2aada060a1a8c7f89522ed020f2
- SHA512
  
  4252c057489288621abea0a1972ddc1307a3fa11369d94c2155dd36c28f9d07ac5827cceedda2535c7b36328a8a58bb12f380f865e5baad616d4b038e3f8ae27
- SSDEEP
  
  49152:ykwkn9IMHeaB2VUyjDk00O2IkJnx/NDaPCS:xdnVIVpjD6BXz1ePC
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan