MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 008b2da3638a7f6795bbc8017d3bec47d8e74a89eeeb1defe8c0475a32339211. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 11


Intelligence 11 IOCs 1 YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 008b2da3638a7f6795bbc8017d3bec47d8e74a89eeeb1defe8c0475a32339211
SHA3-384 hash: 3974acbb4cb8dd4e6c771e5c03fabe594a60203699d170879f33a0d405927c15bf8dafca5ac1900fba9d17e2443933a6
SHA1 hash: 9da705ae3115950777bfe577a5fa1a0736f3ad22
MD5 hash: 84d29a80deeda551f4a8ac2e2a16cf17
humanhash: white-artist-asparagus-quiet
File name:84D29A80DEEDA551F4A8AC2E2A16CF17.exe
Download: download sample
Signature BitRAT
Create hunting rule
File size:6'443'603 bytes
First seen:2021-06-28 23:41:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 71955ccbbcbb24efa9f89785e7cce225 (57 x BitRAT)
ssdeep 49152:gXUIEeZzdeh/c7p1rNdd+JNEj0ykdj21x1YhFlX4bA/Hg/11VzeLG/7wqNKB2VIJ:gXrEeZzdhjuV/gd1VzsGUqNKTHvQezRD
Threatray 250 similar samples on MalwareBazaar
TLSH 1156CF02FA41C562D2670230E96E77BA057CF5344B2085C3B39C6A685BB66D17A37F3B
Reporter abuse_ch
Tags:BitRAT exe RAT


Avatar
abuse_ch
BitRAT C2:
5.230.84.38:2222

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
5.230.84.38:2222 https://threatfox.abuse.ch/ioc/155448/

Intelligence

File Origin
# of uploads :
1
# of downloads :
164
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
84D29A80DEEDA551F4A8AC2E2A16CF17.exe
Verdict:
Malicious activity
Analysis date:
2021-06-28 23:41:40 UTC
Tags:
trojan bitrat rat
Link:
https://app.any.run/tasks/4763523d-864b-42dd-bf19-6602c4bd19c4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
BitRAT
Create hunting rule
Link:
https://www.capesandbox.com/analysis/168644/
Detection(s):
Win.Malware.Mikey-9819889-0
Create hunting rule

ditekSHen.MALWARE.Win.Trojan.BitRAT.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Malware family:
BitRAT
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f042b6ed-5eff-4fd8-b134-a975b5fd99a0
Result
Threat name:
BitRAT Xmrig
Create hunting rule
Detection:
malicious
Classification:
troj.evad.mine
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/809050
Signature
Antivirus / Scanner detection for submitted sample
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected BitRAT
Yara detected Xmrig cryptocurrency miner
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/008b2da3638a7f6795bbc8017d3bec47d8e74a89eeeb1defe8c0475a32339211/
Threat name:
Win32.Backdoor.ParalaxRat
Create hunting rule
Status:
Malicious
First seen:
2021-06-25 18:58:00 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=acfs3i3drj7wpfn3zaax2o7mi7moosuj53vr337iybdvumrtsiiq._file
Verdict:
malicious
Similar samples:
1e92ffaaee0217be3540c5a8e0b465d639008e15bb1335fc1aab14ef252f4072
BitRAT
405615def0f1ed392a6273ab7c23a2e5fc01bc2cb978b7f3f2040d4a3c57d37a
BitRAT
4cf44d352a41e3125ec55db9e83843e57a8a4345781fb7a4a8535935b0b87906
BitRAT
53592d15fc275a7c603b2c80baf9ca7d3e2f7eebe82ba8eca971ff1c005ab353
BitRAT
6110c332c287a7ac7fadde14aa3b69190a415e11f664f6746b461b589e0276cd
BitRAT
6387b0ded51410f864b093626cfa7e711c8885d6870996f8138de12ced45730c
BitRAT
6cd85d78caec047483007ee54b8f4cea13d29c648b7f4bd500ce199f360f1518
BitRAT
8f09e478721eecc723aa346c56541183c78bcaa6b97f08b8d33b84022881178a
BitRAT
dfeaef515d92681d5d23ace741b56e14ec71b9042427874c15ef2db030c47b95
BitRAT
e5aea3844b9f8f3811b6c3e3ff58e84793806b58da0064743235b7c6e476e624
BitRAT
+ 240 additional samples on MalwareBazaar
Result
Malware family:
bitrat
Create hunting rule
Score:
  10/10
Tags:
family:bitrat
Link:
https://tria.ge/reports/210628-b25rslqqh2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
008b2da3638a7f6795bbc8017d3bec47d8e74a89eeeb1defe8c0475a32339211
MD5 hash:
84d29a80deeda551f4a8ac2e2a16cf17
SHA1 hash:
9da705ae3115950777bfe577a5fa1a0736f3ad22
Link:
https://www.unpac.me/results/4dfe7193-393b-4165-bb7c-7d2933453dc5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/008b2da3638a7f6795bbc8017d3bec47d8e74a89eeeb1defe8c0475a32339211

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Email_stealer_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Email in files like avemaria
Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFu
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time
Rule name:MALWARE_Win_BitRAT
Create hunting rule
Author:ditekSHen
Description:Detects BitRAT RAT

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/168644/

Comments