MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e106d7b95627d982862e8d97f9b057632427008df0b994cd4b99e17c41a4c26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ImminentRAT


Vendor detections: 3



SHA256 hash: 5e106d7b95627d982862e8d97f9b057632427008df0b994cd4b99e17c41a4c26
SHA3-384 hash: c91b7883caf43ea22c9096707dcff4a6e59b02fc9883eedd7df44f534a4e01a6992a79cd164c5d49711ff5ab09f7e50f
SHA1 hash: 5cc5ebd1ea59c61910e3672bad25ef2bba79e474
MD5 hash: 9e50b249c984b02ffe52d469a05396f2
humanhash: florida-vermont-arkansas-friend
File name: vbc(8).exe
Signature: ImminentRAT
File size: 364'032 bytes
First seen: 2020-03-24 19:07:46 UTC
Last seen: 2020-03-24 22:34:04 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 6144:+Y6yVbWCcK0f1pmGZt8Y3ACX7v9Rs/RFLoC:+Y6y1W00NEU8f8v9m9
Threatray: 467 similar samples on MalwareBazaar
TLSH: 9D743A00FBCE8936D5DED7FF8860C42C53B8A551DE17DA0E7F84935E5C423989E22A62
Reporter: oppimaniac
Tags: ImminentRAT

Intelligence


File Origin
# of uploads: 3
# of downloads: 93
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Immirat
Status: Malicious
First seen: 2020-03-24 18:22:00 UTC
AV detection: 27 of 30 (90.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ImminentRAT

Executable exe 5e106d7b95627d982862e8d97f9b057632427008df0b994cd4b99e17c41a4c26 (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
