MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32810abdc19d8ac2707052b00c823f3062f7ae4d2c5b984eadf2d18d615f695c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ImminentRAT


Vendor detections: 4



SHA256 hash: 32810abdc19d8ac2707052b00c823f3062f7ae4d2c5b984eadf2d18d615f695c
SHA3-384 hash: 74fec4d7328984b985d7786c88868eced1f1d1b0c7d2fbc116f68fdec9294c866d5bcb5f1ba5ec13fdff0cf6752f0c72
SHA1 hash: 341036f021f65ca2f55ad10e888c332c6ee18d31
MD5 hash: a0e24ce201c960c2eb13afc9c461f75c
humanhash: bacon-india-sweet-arizona
File name: 78.142.19.172__winvps_1_com__oniee__winhost.exe.malw
Signature: ImminentRAT
File size: 718'848 bytes
First seen: 2020-03-18 19:16:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 12288:cIaCC95R0AkCUeW67GeEfR0vCIxEKvn5Qc:dypUUSvuqIWKv5Qc
Threatray: 1'341 similar samples on MalwareBazaar
TLSH: B4E49E8D650A805BF126577C12B0F23D157E4FE2FDA1A2CE94C8B666DA71C0DB92363C
Reporter: ov3rflow1
Tags: ImminentRAT malw

Intelligence


File Origin
# of uploads: 1
# of downloads: 97
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2018-08-13 11:01:37 UTC
File Type: PE (.Net Exe)
Extracted files: 22
AV detection: 24 of 29 (82.76%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
