imminent | f6cbdbef121947423a9a77772b4df1e5da487f3d6c37394ee92b10c46b267ccc | Triage

Sharing

General

Target

c0de7606d8649ec818dd66699fb1b780_JaffaCakes118
Size

484KB
Sample

240825-q1mlasxcpg
MD5

c0de7606d8649ec818dd66699fb1b780
SHA1

7223567e209589a44b22abbd1155703d13e3b2f3
SHA256

f6cbdbef121947423a9a77772b4df1e5da487f3d6c37394ee92b10c46b267ccc
SHA512

a4d6f0bff6bee4a9fa4c98c311ea6dd9858f385ff4c2fd23dd61248ea6790a1150e2ea85932ac3cb81054ba31e4d50f47c000651fff08e59d9ef51828ee21391
SSDEEP

12288:vLE11YrDVyHbtBFMLX0y9teChxr9RocGGOPeKJ9B5:vLEw/VYbVMLh5xXGVeE

Score

10^/10

imminent discovery spyware trojan

Malware Config

Targets

- Target
  
  c0de7606d8649ec818dd66699fb1b780_JaffaCakes118
- Size
  
  484KB
- MD5
  
  c0de7606d8649ec818dd66699fb1b780
- SHA1
  
  7223567e209589a44b22abbd1155703d13e3b2f3
- SHA256
  
  f6cbdbef121947423a9a77772b4df1e5da487f3d6c37394ee92b10c46b267ccc
- SHA512
  
  a4d6f0bff6bee4a9fa4c98c311ea6dd9858f385ff4c2fd23dd61248ea6790a1150e2ea85932ac3cb81054ba31e4d50f47c000651fff08e59d9ef51828ee21391
- SSDEEP
  
  12288:vLE11YrDVyHbtBFMLX0y9teChxr9RocGGOPeKJ9B5:vLEw/VYbVMLh5xXGVeE
Score

10^/10

imminent discovery spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentdiscoveryspywaretrojan

behavioral2

imminentdiscoveryspywaretrojan