imminent | 6d44c02f92d02276e3885206808e1df1f8876684321ff040cb0942007c04b0f4 | Triage

Sharing

General

Target

c5cf4e3a6bd768bfdb0b39e55aa3bb6e_JaffaCakes118
Size

413KB
Sample

240827-1rx1satcke
MD5

c5cf4e3a6bd768bfdb0b39e55aa3bb6e
SHA1

4cf4b38c63396e4332b3da1e005d640f8f0c7083
SHA256

6d44c02f92d02276e3885206808e1df1f8876684321ff040cb0942007c04b0f4
SHA512

551e93cb2b594fe173e87292353f82a2ae3f997e7b6f87d72655fd4e6ca72c83d315544e354cda7172a0e7a9df49c52a41237b4880b6e92c9f2e1f74443c0245
SSDEEP

12288:6e4quwXZr+aRpDMpgQ4B5Md1dmzpfeE+UJ+IfoDcw:6RwXoyDWgQ4UdmVf9J+Ifox

Score

10^/10

imminent discovery persistence spyware trojan

Malware Config

Targets

- Target
  
  c5cf4e3a6bd768bfdb0b39e55aa3bb6e_JaffaCakes118
- Size
  
  413KB
- MD5
  
  c5cf4e3a6bd768bfdb0b39e55aa3bb6e
- SHA1
  
  4cf4b38c63396e4332b3da1e005d640f8f0c7083
- SHA256
  
  6d44c02f92d02276e3885206808e1df1f8876684321ff040cb0942007c04b0f4
- SHA512
  
  551e93cb2b594fe173e87292353f82a2ae3f997e7b6f87d72655fd4e6ca72c83d315544e354cda7172a0e7a9df49c52a41237b4880b6e92c9f2e1f74443c0245
- SSDEEP
  
  12288:6e4quwXZr+aRpDMpgQ4B5Md1dmzpfeE+UJ+IfoDcw:6RwXoyDWgQ4UdmVf9J+Ifox
Score

10^/10

imminent discovery persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentdiscoverypersistencespywaretrojan

behavioral2

imminentdiscoverypersistencespywaretrojan