MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0523c9c53027d822021a5b2bad5d216461c060396944da4bf8cd6cc1963deebb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 10


Intelligence 10 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0523c9c53027d822021a5b2bad5d216461c060396944da4bf8cd6cc1963deebb
SHA3-384 hash: bb70bf0f7107b32639403c84947f634ccf72e29170e111de9ebb83013837d01e02e72e673fa849fe61527faa0362d5bf
SHA1 hash: b59c0cb1271f72598934bd30b63db5348ab3d297
MD5 hash: 58efa41d1aed6af68c52e46904553216
humanhash: sink-texas-fillet-iowa
File name:RFQ E-BiddingRequestForQuotationReport16Jun20.exe
Download: download sample
Signature BitRAT
Create hunting rule
File size:193'672 bytes
First seen:2021-06-21 14:26:09 UTC
Last seen:2021-06-21 14:48:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 269fbb82c8f402e670c866cdbdfbba84 (4 x GuLoader, 2 x Loki, 1 x BitRAT)
ssdeep 1536:4WopBBTdfyNo8ptsYMSCF7Ym3JQmkKOXQMs8nAkYGhbOmSnKg7w7dkBFWopN:c/sLOnesJQKOM8AkNbOmV78N
Threatray 1'991 similar samples on MalwareBazaar
TLSH E1147CE17180FD73D7A986B117855AF91E896C309E54C9C3E2C4370EEBBA6E1C234726
Reporter abuse_ch
Tags:BitRAT exe RAT


Avatar
abuse_ch
BitRAT C2:
212.192.241.59:4898

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
212.192.241.59:4898 https://threatfox.abuse.ch/ioc/138248/

Intelligence

File Origin
# of uploads :
2
# of downloads :
139
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
RFQ E-BiddingRequestForQuotationReport16Jun20.exe
Verdict:
Malicious activity
Analysis date:
2021-06-21 14:31:37 UTC
Tags:
trojan bitrat rat
Link:
https://app.any.run/tasks/497cf28e-e4ff-49fd-bded-86846f7d5917

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
BitRAT
Create hunting rule
Link:
https://www.capesandbox.com/analysis/167303/
Detection(s):
SecuriteInfo.com.Variant.Razy.880943.9527.29955.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/24613f28-6d2f-47d7-bd8e-436f0da897d3
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/805382
Signature
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction which cause usermode exception
Yara detected Generic Dropper
Behaviour
Behavior Graph:
Download SVG
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/0523c9c53027d822021a5b2bad5d216461c060396944da4bf8cd6cc1963deebb/
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2021-06-21 14:26:13 UTC
AV detection:
10 of 46 (21.74%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=aur4trjqe7mceaq2lmv22xjbmrq4aybznfcnus7yzvwmdfr5525q._file
Verdict:
unknown
Similar samples:
0e312eccc907155b510e531e9519ede3e44ee79a67cb5dba0f3a0c39e9a3d083
BitRAT
2bf17b827e1be1f3a8b305a4e215347d08d32ccac5eb4028d49391b30c6ac4a7
BitRAT
414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65
BitRAT
6785bb7e30144c967cf7c9c905f2bbae99951ac320d5d30d63e11a30242d3547
BitRAT
815b5f62adb35607df07859bfd1b75763bf525643e7f21d5a0f8803dd0e86be4
BitRAT
8653a11ee811265418a3b6f12945c585b77aea72f02b2d80f481c1100d895299
BitRAT
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
BitRAT
a76f692240be874358bd241860d2f492eca687f44e0bffade3b631ccf142117d
BitRAT
f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b
BitRAT
fdbd4ab43b66094471908c19e02c0e981c6c870ee546c53d31165936b5791596
BitRAT
+ 1'981 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210621-hxnspscghn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent file
Guloader,Cloudeye
Malware Config
C2 Extraction:
https://onedrive.live.com/download?cid=0000E1848FF08279&resid=E1848FF08279%21144&authkey=APxiGTtkUNWwK8Y
Unpacked files
SH256 hash:
0523c9c53027d822021a5b2bad5d216461c060396944da4bf8cd6cc1963deebb
MD5 hash:
58efa41d1aed6af68c52e46904553216
SHA1 hash:
b59c0cb1271f72598934bd30b63db5348ab3d297
Link:
https://www.unpac.me/results/18998bb4-f6a2-43fd-9440-43df3c2dd269/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
BitRat
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0523c9c53027d822021a5b2bad5d216461c060396944da4bf8cd6cc1963deebb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/167303/

Comments