MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15a0568ab785cc4bb8196a0945f1085927470242eb93f28b8a2878408112e71a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BitRAT

Vendor detections: 8

SHA256 hash: 15a0568ab785cc4bb8196a0945f1085927470242eb93f28b8a2878408112e71a
SHA3-384 hash: 7e66f71172e509309d51371cfbecb64d8ac6e0bf17bd77f9f06f0c2b6889e4d612f9eccfaa61f922cdc93f7cdc64f1ca
SHA1 hash: d8440d852bdad55314f4eaecc606393bd79d7903
MD5 hash: 0ec5d93fececef7f0089ff2e60cd156d
humanhash: tennis-coffee-carolina-white
File name: 0ec5d93fececef7f0089ff2e60cd156d.exe
Signature: BitRAT
File size: 3'011'071 bytes
First seen: 2022-02-08 18:50:05 UTC
Last seen: 2022-02-08 20:52:03 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: baa831531f59211307b78efbc48da94c (2 x BitRAT)
ssdeep: 49152:QILj+imzAbT10Rmo7RXMukn4Pm96gxoTk9OfYKk6KWegvpX7HkfSqr:jLCimcT1omWSuKYm9PII4JKpgvprw
Threatray: 632 similar samples on MalwareBazaar
TLSH: T17CD5232267B46028EBB71EB10C3B60551D763C055D78CC4F22899F3E4A72A47E9B5B2F
dhash icon: 1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter: abuse_ch
Tags: BitRAT exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 167
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Creating synchronization primitives
Creating a window
Unauthorized injection to a recently created process
DNS request
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: overlay packed remote.exe shell32.dll
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: rans.evad
Score: 76 / 100
Signature
Antivirus / Scanner detection for submitted sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential malicious icon found
Sigma detected: Suspicious Svchost Process
Behaviour
Behavior Graph (image not available): Behavior Graph ID 568990; Sample: 2zsfSi2kYj.exe; Startdate: 09/02/2022; Architecture: WINDOWS; Score: 76
Root-node signatures: Potential malicious icon found; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 2 other signatures
Process tree: 2zsfSi2kYj.exe started; it then starts svchost.exe (signature: Injects a PE file into a foreign processes) and a second 2zsfSi2kYj.exe
Threat name: Win32.Backdoor.Poison
Status: Malicious
First seen: 2022-02-08 18:50:32 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 28 (82.14%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:bitrat trojan
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Suspicious use of SetThreadContext
BitRAT
Unpacked files
SHA256 hash: 8f07226c3f2d274a63c6140582829bc72bf78e93f91410b73053ac973b8fd60b
MD5 hash: 7ebd721f3f398026dc3df734262f9405
SHA1 hash: 113418ef91b2971e3654b16e19fad180f6ad92c3

SHA256 hash: 15a0568ab785cc4bb8196a0945f1085927470242eb93f28b8a2878408112e71a
MD5 hash: 0ec5d93fececef7f0089ff2e60cd156d
SHA1 hash: d8440d852bdad55314f4eaecc606393bd79d7903
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: BitRAT
File: Executable exe 15a0568ab785cc4bb8196a0945f1085927470242eb93f28b8a2878408112e71a (this sample)

Delivery method
Distributed via web download

Comments