imminent | d07f8aa03c96baaacb17564a7bd9d8be6b7effb347a1a98e1ea201a528e4ff8f | Triage

Submit
Reports

Overview

overview

Static

static

3

aee5704ab8...18.exe

windows7-x64

aee5704ab8...18.exe

windows10-2004-x64

Sharing

General

Target

aee5704ab8e1ef4484caef048a2e286f_JaffaCakes118
Size

652KB
Sample

240615-rzpjyaxgrr
MD5

aee5704ab8e1ef4484caef048a2e286f
SHA1

e023f6678b315e5b48beeaa0f3239adc15aaf59f
SHA256

d07f8aa03c96baaacb17564a7bd9d8be6b7effb347a1a98e1ea201a528e4ff8f
SHA512

184645be06e5945d09c1c0bb0756e4943757d44db203928e025c6f5147c516123d9fc2221f1cd53e684edf170a39f7c3bfc58ba20a7824a21a77d21d03be36ef
SSDEEP

12288:2lAb5lthGT76dsIqVpYO+NyEcQQ+9OoZyXTGMFTBJPfiIR:2azrGT7muSiEc+9OoGG4pqI

Score

10^/10

imminent persistence spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

aee5704ab8e1ef4484caef048a2e286f_JaffaCakes118.exe

Resource

win7-20240508-en

imminent persistence spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

aee5704ab8e1ef4484caef048a2e286f_JaffaCakes118.exe

Resource

win10v2004-20240508-en

imminent persistence spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  aee5704ab8e1ef4484caef048a2e286f_JaffaCakes118
- Size
  
  652KB
- MD5
  
  aee5704ab8e1ef4484caef048a2e286f
- SHA1
  
  e023f6678b315e5b48beeaa0f3239adc15aaf59f
- SHA256
  
  d07f8aa03c96baaacb17564a7bd9d8be6b7effb347a1a98e1ea201a528e4ff8f
- SHA512
  
  184645be06e5945d09c1c0bb0756e4943757d44db203928e025c6f5147c516123d9fc2221f1cd53e684edf170a39f7c3bfc58ba20a7824a21a77d21d03be36ef
- SSDEEP
  
  12288:2lAb5lthGT76dsIqVpYO+NyEcQQ+9OoZyXTGMFTBJPfiIR:2azrGT7muSiEc+9OoGG4pqI
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2024

Terms | Privacy