MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a33f5e8c172f9c027c7fd1151e8ec195ca102a14647c674e8089e2651276c391. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ImminentRAT

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	a33f5e8c172f9c027c7fd1151e8ec195ca102a14647c674e8089e2651276c391
SHA3-384 hash:	cb5321519fe5cf710c0151167bd63b403f6e0e6327210884b8eb85e2879ba9afd01312807789a77797750cc45e6306c8
SHA1 hash:	31f9a6331e7117d2af31e44e8b678b3a02ed1779
MD5 hash:	b893595ab6f96abf2adf924538834178
humanhash:	uranus-alaska-stream-red
File name:	a33f5e8c172f9c027c7fd1151e8ec195ca102a14647c674e8089e2651276c391
Download:	download sample
Signature	ImminentRAT Create hunting rule
File size:	985'600 bytes
First seen:	2020-11-10 11:37:51 UTC
Last seen:	2024-07-24 19:50:40 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	bc70c4fa605f17c85050b7c7b6d42e44 (15 x njrat, 12 x RedLineStealer, 10 x AgentTesla)
ssdeep	24576:QR0UfUDtdfFQ0QPEhogjdWUTpuYG+WyGXiXP:QR0aUujPKfdWUTp3G+nGyX
TLSH	AF258B539B84952CF4092DFFC6DA6FB143A96C871D4EBAC15004B95928338AB34BF1F9
Reporter	seifreed
Tags:	ImminentRAT

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.Crifi-6940738-0

PUA.Win.Tool.Netcat-6917729-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Creating a process from a recently created file

Creating a process with a hidden window

Creating a window

Adding an access-denied ACE

Launching a process

Deleting a recently created file

Creating a file in the %AppData% subdirectories

Connection attempt

Setting a global event handler for the keyboard

Unauthorized injection to a system process

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Imminent

Detection:

malicious

Classification:

troj.evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/528758

Signature

Allocates memory in foreign processes

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Writes to foreign memory regions

Yara detected Imminent

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a33f5e8c172f9c027c7fd1151e8ec195ca102a14647c674e8089e2651276c391/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2020-11-11 00:08:01 UTC

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=um7v5daxf6oae7d72ekr5dwbsxfbakqumr6gotuarhrgketwyoiq._file

Verdict:

unknown

Result

Malware family:

imminent

Score:

10/10

Tags:

family:imminent persistence spyware trojan

Link:

https://tria.ge/reports/201110-fsjs19bj86/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Adds Run key to start application

Loads dropped DLL

Executes dropped EXE

Imminent RAT

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample