imminent | 92a8bd87031e9e9d39ff15152ffe18e5a5f5a15888f106c1d4bee17cca925862 | Triage

Submit
Reports

Overview

overview

Static

static

3

b9dc775591...18.exe

windows7-x64

b9dc775591...18.exe

windows10-2004-x64

Sharing

General

Target

b9dc7755917b72f0d10994ff3c3b0967_JaffaCakes118
Size

426KB
Sample

240617-y45kaasfpg
MD5

b9dc7755917b72f0d10994ff3c3b0967
SHA1

0fd11391981f7e640a708595f468a5687ddd1652
SHA256

92a8bd87031e9e9d39ff15152ffe18e5a5f5a15888f106c1d4bee17cca925862
SHA512

7f9f97acd1a5766b256bff3113ffe866698e341607c862932a3338da949a260b3f1adb9bef6cb25b559e3302c1f9a9aea7dbbdbd8f5c23264055243997f70383
SSDEEP

6144:28q6lhkFDjfSoyCFEvd/5kLAMJP7a9vk51/Oo4QDO4YuxnlbR5ggVL7h:3q68DDSzQGd/5kLA2P7a9vK1l4Q6y3V

Score

10^/10

imminent evasion spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b9dc7755917b72f0d10994ff3c3b0967_JaffaCakes118.exe

Resource

win7-20240611-en

imminent evasion spyware trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b9dc7755917b72f0d10994ff3c3b0967_JaffaCakes118.exe

Resource

win10v2004-20240508-en

imminent evasion spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  b9dc7755917b72f0d10994ff3c3b0967_JaffaCakes118
- Size
  
  426KB
- MD5
  
  b9dc7755917b72f0d10994ff3c3b0967
- SHA1
  
  0fd11391981f7e640a708595f468a5687ddd1652
- SHA256
  
  92a8bd87031e9e9d39ff15152ffe18e5a5f5a15888f106c1d4bee17cca925862
- SHA512
  
  7f9f97acd1a5766b256bff3113ffe866698e341607c862932a3338da949a260b3f1adb9bef6cb25b559e3302c1f9a9aea7dbbdbd8f5c23264055243997f70383
- SSDEEP
  
  6144:28q6lhkFDjfSoyCFEvd/5kLAMJP7a9vk51/Oo4QDO4YuxnlbR5ggVL7h:3q68DDSzQGd/5kLA2P7a9vK1l4Q6y3V
Score

10^/10

imminent evasion spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentevasionspywaretrojan

behavioral2

imminentevasionspywaretrojan

© 2018-2025

Terms | Privacy