MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76fdb24f501bffd247de4f83b72016c3e1ff762ae48d79d078fb06d760b23aa5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ImminentRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 76fdb24f501bffd247de4f83b72016c3e1ff762ae48d79d078fb06d760b23aa5
SHA3-384 hash: 83e64a10207ffcb8e8aaed95f9428d98e5afd1cca2af63ae9b1a23c381cef321f0f2d83b5c56c28d8debf9ec427b70e7
SHA1 hash: 9aa579427360bef2cc78f2f0671574569b4ba7dc
MD5 hash: f077598fb36378394afaba9383953963
humanhash: bacon-blossom-mango-carbon
File name:SUSPENSION LETTER ON SIM SWAP.rar
Download: download sample
Signature ImminentRAT
Create hunting rule
File size:872'131 bytes
First seen:2020-11-20 08:00:12 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:o+JCjBdq8cIvOIPVIBG16XIIt78dWmehIYeQQSQ:1CfdcPSKY10Q1RF
TLSH C005236937C2393FE8855728F735C6A5B2C8631B2B899D780175031897F06E9BB704E9
Reporter abuse_ch
Tags:ImminentRAT rar RAT


Avatar
abuse_ch
Malspam distributing ImminentRAT:

HELO: cakra.iixcp.rumahweb.com
Sending IP: 103.247.9.102
From: Ernest Chieke [ MTN Nigeria - S&D ] <Ernest.Chieke@mtn.com>
Subject: SUSPENSION LETTER ON SIM SWAP
Attachment: SUSPENSION LETTER ON SIM SWAP.rar (contains "SUSPENSION LETTER ON SIM SWAP.pdf.exe")

ImminentRAT C2:
23.105.131.129:1008

Intelligence

File Origin
# of uploads :
1
# of downloads :
130
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/76fdb24f501bffd247de4f83b72016c3e1ff762ae48d79d078fb06d760b23aa5/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-20 08:01:04 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o363et2qdp75er66j6b3oiawypq765rk4sgxtudy7mdnoyfshksq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ImminentRAT

rar 76fdb24f501bffd247de4f83b72016c3e1ff762ae48d79d078fb06d760b23aa5

(this sample)

ImminentRAT

Executable exe c7df51c40f5e04eeb7dac698fdf23964ad7bc16a7dd93fb47ea8dc6f8ea6cfd4

  
Dropping
MD5 711d2d67ffad78cd775005738b0aa704
  
Dropping
ImminentRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c7df51c40f5e04eeb7dac698fdf23964ad7bc16a7dd93fb47ea8dc6f8ea6cfd4

Comments