MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 114e6de40d858b16e3e34dd62ef9d2d69758142b8da593a9496a08424ca518f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 114e6de40d858b16e3e34dd62ef9d2d69758142b8da593a9496a08424ca518f9
SHA3-384 hash: 44c0740b76c188194e457cc6cd7a0f5cd43e4b3727d2df279fe66a2389aaf2c33ce30f2c3cc4b6fe7669f222c0e4aa0b
SHA1 hash: 9ca849ffab758f443ef03cd3c783cadccd0b2f99
MD5 hash: 97e383e3bacc2bcd67f239e849bb4592
humanhash: seventeen-fix-twelve-idaho
File name:97e383e3bacc2bcd67f239e849bb4592.exe
Download: download sample
Signature BitRAT
Create hunting rule
File size:4'601'389 bytes
First seen:2021-02-27 07:00:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d6ac9616587efac71db41aa72947d988 (6 x BitRAT, 1 x QuasarRAT)
ssdeep 98304:YuWNQ0kKDhLa1xecuMJWJ4qnP6x0V2ucdIlpzJX:diQ0Nirvk2qSxHyzJX
Threatray 1'258 similar samples on MalwareBazaar
TLSH 6326D023AE049FE0EA4309F50A469949BA40741DD49FFD8768859608D23F9C7F4FF7A8
Reporter abuse_ch
Tags:BitRAT exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
134
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
97e383e3bacc2bcd67f239e849bb4592.exe
Verdict:
Malicious activity
Analysis date:
2021-02-27 07:03:56 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6791795f-9f2f-49dd-aac3-4da3cc49a03f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Malware.Johnnie-9835561-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% subdirectories
Unauthorized injection to a recently created process
Sending a UDP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/620360
Signature
Contain functionality to detect virtual machines
Contains functionality to inject code into remote processes
Detected unpacking (changes PE section rights)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/114e6de40d858b16e3e34dd62ef9d2d69758142b8da593a9496a08424ca518f9/
Threat name:
Win32.Trojan.Johnnie
Create hunting rule
Status:
Malicious
First seen:
2021-02-27 07:01:08 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cfhg3zanqwfrny7djxlc56os22lvqfblrwszhkkjnieeetffdd4q._file
Verdict:
malicious
Similar samples:
0940b9701bebcf58004ba4089e5d0d6ebbf882da6fce307f24b254f243063439
BitRAT
4290d442e13dea4987b3439a97deabd09dc72d8b38fff572ea287d1c4e9b71bd
BitRAT
4c6997804d58c9362349c9d5905e52c1e4a41c4db83541a3bf4f72097c8205f6
BitRAT
4cdfc8c1032ededddcecd13894424bc36e15173ca5cabefe38d0fa7db33d4491
BitRAT
5d55ad4b75f1106d59cc53b92d90c8f343c5d893c774d436f44ae5508714f443
BitRAT
7b71b12d30d6ce6adb82e9f8c105c1f1cc36ed8744b0c21cfa8aa08d21119f08
BitRAT
89977d91a899a6381a107a4f2dea8d3611d4903564510b94a6b0b37c53032fa6
BitRAT
a8f3dde862d7e81876c11ee41a7d5c6594e72e67d12496461157c56e24c10a35
BitRAT
c482ebed5672bdbc0cca51b79bbb7babaa82a678142d981a7dd009ad813c20d7
BitRAT
ebc82e867e1280af5cb01ed64745b4a4e5fa48c2ea64557bbaeb7b391e852c2f
BitRAT
+ 1'248 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/210227-d2eaj9gzkj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Unpacked files
SH256 hash:
f7d2646f59925afce2266479c0c0465bd55cde22428e491a2d1efe921fda2aa0
MD5 hash:
1434c7dc7e0f5f25d4205401d467d987
SHA1 hash:
feaf5ff4f19934ba14edd47abaa14da016b324b2
Link:
https://www.unpac.me/results/50d3b652-4f16-4d8c-bec0-9a7145879e6d/
SH256 hash:
114e6de40d858b16e3e34dd62ef9d2d69758142b8da593a9496a08424ca518f9
MD5 hash:
97e383e3bacc2bcd67f239e849bb4592
SHA1 hash:
9ca849ffab758f443ef03cd3c783cadccd0b2f99
Link:
https://www.unpac.me/results/50d3b652-4f16-4d8c-bec0-9a7145879e6d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.69
Link:
https://yomi.yoroi.company/submissions/114e6de40d858b16e3e34dd62ef9d2d69758142b8da593a9496a08424ca518f9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BitRAT

Executable exe 114e6de40d858b16e3e34dd62ef9d2d69758142b8da593a9496a08424ca518f9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1031102/
  
Delivery method
Distributed via web download

Comments