MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97d865bd7fd6d362a45cc47915503c3cf45745448964b878a8b40de196cbfb9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ImminentRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 97d865bd7fd6d362a45cc47915503c3cf45745448964b878a8b40de196cbfb9b
SHA3-384 hash: 9a9c6c9f219dbc62f09108936595aa983846ef1967703372c07a57995194eb71b385464b1ff4508a8c6add194ebf2dfd
SHA1 hash: 086b976649c4a4b7d101a6d1fd69468cbcce9cea
MD5 hash: 5de985b0e0f32cb081329921886c09b9
humanhash: mobile-ack-mobile-sodium
File name:UNAUTHORIZED SIM SWAP.rar
Download: download sample
Signature ImminentRAT
Create hunting rule
File size:875'297 bytes
First seen:2020-10-28 06:49:51 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:Zb8sp52FE6gCEedsWiFecwOWdoObi7qG2C7EAeqW/DU0:Zd4gCEedxiKDo+TG2CQBqyQ0
TLSH A31533F48869877DA21C5CFDEB0837EB59AAB48CF0C5987CE01D950C96E83663F45722
Reporter abuse_ch
Tags:ImminentRAT rar RAT


Avatar
abuse_ch
Malspam distributing ImminentRAT:

HELO: vps41306.inmotionhosting.com
Sending IP: 104.152.109.9
From: Yusuf Abubakar Nabanga [ MTN Nigeria - CS ] <Yusuf.AbubakarNabanga@mtn.com>
Subject: UNAUTHORIZED SIM SWAP
Attachment: UNAUTHORIZED SIM SWAP.rar (contains "UNAUTHORIZED SIM SWAP.pdf.exe")

ImminentRAT C2:
greataggy2.linkpc.net

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/97d865bd7fd6d362a45cc47915503c3cf45745448964b878a8b40de196cbfb9b/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-27 16:33:49 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=s7mglpl723jwfjc4yr4rkub4ht2forkerfslq6fiwqg6dfwl7onq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/97d865bd7fd6d362a45cc47915503c3cf45745448964b878a8b40de196cbfb9b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ImminentRAT

rar 97d865bd7fd6d362a45cc47915503c3cf45745448964b878a8b40de196cbfb9b

(this sample)

ImminentRAT

Executable exe 1fc0f9704d3d6d03c8df4559dc784ebd7c1e2a38db56daf79297a3ab48e840b2

  
Dropping
MD5 d564a6be0c3dbb3ee569ae3e6c2eb387
  
Dropping
ImminentRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1fc0f9704d3d6d03c8df4559dc784ebd7c1e2a38db56daf79297a3ab48e840b2

Comments