MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ImminentRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad
SHA3-384 hash: f3985191cbfe1e7255f5821c93aa72f7e08411ef35e49a9bf7cc7a55c8d287d3d3a7fd56c8ce1c8e8932210cf692de3f
SHA1 hash: ee0e249026d4ab18f34cb2c8670cb868a9bb03f6
MD5 hash: a728603061b5aa98fa40fb0447ba71e3
humanhash: tango-mockingbird-lithium-arkansas
File name:file
Download: download sample
Signature ImminentRAT
Create hunting rule
File size:363'008 bytes
First seen:2020-02-28 21:46:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:VQq2fqS+L/IKCLbFstC9yJpinokDoP8KAOoVksPJ+can:V2f+L/eLb2qCtihj4
Threatray 111 similar samples on MalwareBazaar
TLSH 34743B00FBDE8936D6DED7FF8860C42C52B46551DE07CA0E7F84635E5C523989E22BA2
Reporter johannes
Tags:BlackShades ImminentRAT


Avatar
viql
blackshades via https://pastebin.com/raw/fTbZ7sPY

Intelligence

File Origin
# of uploads :
1
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader12.36970.31878.20547.UNOFFICIAL
Create hunting rule

PUA.Win.Packed.ConfuserEx-6391397-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Immirat
Create hunting rule
Status:
Malicious
First seen:
2020-02-29 08:37:27 UTC
AV detection:
28 of 30 (93.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lwcenir3qdu3ns3ua3blvaowazufz4i3etu6xayjcu5epmcphkwq._file
Verdict:
unknown
Similar samples:
1cc84d3c06c9a283218310ac6d69e7161fd7605339b78035747c6f51021475ff
ImminentRAT
31736a54c77e7f44f952f55536eb4ac6d5863c9ed970a087c0d1cc801a558728
ImminentRAT
43756195653d9b20db70b3b2700d6ece0e927da322db216d12e6eeb6af316f3f
ImminentRAT
5a990dc0fd270a6db7f4089bf63dbc1584038e00c6e2acd48e959b6e6fc06dfc
ImminentRAT
5e106d7b95627d982862e8d97f9b057632427008df0b994cd4b99e17c41a4c26
ImminentRAT
8e395f386862d95d1a2837a56ffac8ec6a8dacd3e61fac1912f1960ada8c5abd
ImminentRAT
a14dc3eb54f3876b3a2bfc6e0aa105c832fc5424130c43248995cceda6790133
ImminentRAT
c7ea090c263f8b67203a9b0a291d1f2711821bd8489caad226f44a4b588a4579
ImminentRAT
c7ead8266de17cda17f2c1cf6b146c616a092f2a4d2e59cf80e2815976c5932d
ImminentRAT
f2e2cb71a06ac2a95a02168fc3d91f160e6e07ca19c5e6d3d708a9a486dd3f92
ImminentRAT
+ 101 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments