MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c37f3ea689c8e3c99c116bdd55f20b0e1026c7ddd02bb83bf82aa201254a1917. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ImminentRAT


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c37f3ea689c8e3c99c116bdd55f20b0e1026c7ddd02bb83bf82aa201254a1917
SHA3-384 hash: 0035bb0aff0744573daa486866e9441be6a1323c1dd594ff682e4a6b2bd765d39b1cdc0386d79b22dcb37135615d5b0b
SHA1 hash: 71b1c13f14eabc26e2d2257467a1b397d2b125df
MD5 hash: f277ace5ff55bbbc5ce339a0b22cfe58
humanhash: freddie-network-glucose-bacon
File name:UNAUTHORIZED SWAP.rar
Download: download sample
Signature ImminentRAT
Create hunting rule
File size:626'039 bytes
First seen:2020-12-09 10:44:30 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:DfYNVaZLzf+9Tgmg9tMpWU8005Qf2xP0eDRUcEG9yjF5OQM4f9MeX:DfYNVaReg5MM7Kf2xP0eDacEIw51MObX
TLSH 1AD42322BE5392025E1B2FF2F8448CF4A220676202FB58845276997D9CD11C7FBAD5DE
Reporter abuse_ch
Tags:ImminentRAT rar RAT


Avatar
abuse_ch
Malspam distributing ImminentRAT:

HELO: vps41306.inmotionhosting.com
Sending IP: 104.152.109.9
From: Elizabeth Fagoroyo [ MTN Nigeria - S&D ] <elizabeth.fagoroyo@mtn.com>
Subject: UNAUTHORIZED SWAP
Attachment: UNAUTHORIZED SWAP.rar (contains "UNAUTHORIZED SWAP.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
125
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c37f3ea689c8e3c99c116bdd55f20b0e1026c7ddd02bb83bf82aa201254a1917/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-09 10:45:09 UTC
AV detection:
18 of 46 (39.13%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yn7t5jujzdr4tharnpovl4qlbyicnr652av3qo7yfkracjkkdelq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c37f3ea689c8e3c99c116bdd55f20b0e1026c7ddd02bb83bf82aa201254a1917

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ImminentRAT

rar c37f3ea689c8e3c99c116bdd55f20b0e1026c7ddd02bb83bf82aa201254a1917

(this sample)

ImminentRAT

Executable exe 72bff15d43e54772c639f876fbd6b132310081c87a9d997c4b0b3c08d09caf9f

  
Dropping
MD5 e3424021b3602af8dabe14f09f8eff9b
  
Dropping
ImminentRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 72bff15d43e54772c639f876fbd6b132310081c87a9d997c4b0b3c08d09caf9f

Comments