imminent | 8f6b47ef4407cf14719e43ff46ff4a090269a7570509852a2366ed756f3b0aaf | Triage

Submit
Reports

Overview

overview

Static

static

3

a0a31dd15e...18.exe

windows7-x64

3

a0a31dd15e...18.exe

windows10-2004-x64

Sharing

General

Target

a0a31dd15e1039fc801a7fdb480ef91a_JaffaCakes118
Size

757KB
Sample

240612-pfgc4svapd
MD5

a0a31dd15e1039fc801a7fdb480ef91a
SHA1

426062eb6e6bca63258d3dbce674a5547ee1d507
SHA256

8f6b47ef4407cf14719e43ff46ff4a090269a7570509852a2366ed756f3b0aaf
SHA512

006d53ea10c55b846f7dd8d5f470c0e1bd3c7d991fe7588dc4939aeb5bea663209cb1e879ede6804017f80327edca3792c4a72d46e94f4a662c2d8cb8d4554d6
SSDEEP

12288:+BZl1vvNQSnTlBZl1vvNQSnTKvIT7XPa5xLaggSH1Lx0tMcqgcwwwlasqJX:W1vvNQQTz1vvNQQTKvea5xLagVH1LCqb

Score

10^/10

imminent persistence spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a0a31dd15e1039fc801a7fdb480ef91a_JaffaCakes118.exe

Resource

win7-20240611-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

a0a31dd15e1039fc801a7fdb480ef91a_JaffaCakes118.exe

Resource

win10v2004-20240508-en

imminent persistence spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  a0a31dd15e1039fc801a7fdb480ef91a_JaffaCakes118
- Size
  
  757KB
- MD5
  
  a0a31dd15e1039fc801a7fdb480ef91a
- SHA1
  
  426062eb6e6bca63258d3dbce674a5547ee1d507
- SHA256
  
  8f6b47ef4407cf14719e43ff46ff4a090269a7570509852a2366ed756f3b0aaf
- SHA512
  
  006d53ea10c55b846f7dd8d5f470c0e1bd3c7d991fe7588dc4939aeb5bea663209cb1e879ede6804017f80327edca3792c4a72d46e94f4a662c2d8cb8d4554d6
- SSDEEP
  
  12288:+BZl1vvNQSnTlBZl1vvNQSnTKvIT7XPa5xLaggSH1Lx0tMcqgcwwwlasqJX:W1vvNQQTz1vvNQQTKvea5xLagVH1LCqb
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

imminentpersistencespywaretrojan

© 2018-2024

Terms | Privacy