MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 440617cc4ae2ce5a9d0622bc5673b22d410d5dc5a6857a5e25508b9c925a5f47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ImminentRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 440617cc4ae2ce5a9d0622bc5673b22d410d5dc5a6857a5e25508b9c925a5f47
SHA3-384 hash: 01f189cf6816742291c0cd31932d6dc7580a6fffcc00be9a470c4e4eb254d58c0dba9fb7e1f8e82fed206da4151b5c1d
SHA1 hash: 18304ea2b3698cc67b11d95ee284825188ee75a7
MD5 hash: 44fc53bab5af89c258eea9dd5b0c12ee
humanhash: orange-salami-stairway-potato
File name:SIM Swap Document Request.rar
Download: download sample
Signature ImminentRAT
Create hunting rule
File size:884'262 bytes
First seen:2020-11-06 09:47:48 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:Z0ElIqmspmeATkRqleMlstb/cqa4MLe8G2:48N7RSeM6tb/cFC2
TLSH C11533CBB82BA3CDA44B54A567259223E46374B9D0DDAF3726604FB1432B3B8D317364
Reporter abuse_ch
Tags:ImminentRAT nVpn rar RAT


Avatar
abuse_ch
Malspam distributing ImminentRAT:

HELO: vps41306.inmotionhosting.com
Sending IP: 104.152.109.9
From: Olukemi Odewenwa [ MTN Nigeria - S&D ] <Olukemi.Odewenwa@mtn.com>
Subject: SIM Swap Document Request
Attachment: SIM Swap Document Request.rar (contains "SIM Swap Document Request.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/440617cc4ae2ce5a9d0622bc5673b22d410d5dc5a6857a5e25508b9c925a5f47/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-11-06 07:33:17 UTC
AV detection:
13 of 48 (27.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=iqdbptck4lhfvhigek6fm45sfvaq2xofu2cxuxrfkcfzzes2l5dq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ImminentRAT

rar 440617cc4ae2ce5a9d0622bc5673b22d410d5dc5a6857a5e25508b9c925a5f47

(this sample)

ImminentRAT

Executable exe 03b3a862ce340a8351d7dfe88cb8e864ba8d0db6c7d0e8089c7c4453b78f75f6

  
Dropping
MD5 758634dc4b46354aab2b8d9a3ea2079e
  
Dropping
ImminentRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 03b3a862ce340a8351d7dfe88cb8e864ba8d0db6c7d0e8089c7c4453b78f75f6

Comments