MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 194886b26491c9d7c807ad66a8e55b49bbefcf7deccf5b5e5921776a1dc7deac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 194886b26491c9d7c807ad66a8e55b49bbefcf7deccf5b5e5921776a1dc7deac
SHA3-384 hash: 5a657e9b91fac5caaf14e11884e241aca0cb14e4f06b35153b72cb05ff8e86b28b2dcb4113789700d040ce32edba7bec
SHA1 hash: 6e6f1bc24c9d8eebdecff56ba5ed54e8bace68f2
MD5 hash: 29bc0c39a6feb916e45388cd7abf14b6
humanhash: missouri-hawaii-saturn-sodium
File name:29bc0c39a6feb916e45388cd7abf14b6.exe
Download: download sample
Signature BitRAT
Create hunting rule
File size:393'216 bytes
First seen:2022-04-19 06:52:21 UTC
Last seen:2022-04-20 09:49:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 6144:Jb/vQGWYN/T27xh66CpRmIGKbKu83Pjpr5OWqNzxwjuc1AjxxlVnaMg/1DO+:pPWYR2FA6WcjkKu83PhYy7KlV4dK+
TLSH T156842342CA35D954EC77B173629B077A2B2E58E874F21BD89C38C5438B1A6017B13E9E
TrID 49.9% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win32 Executable (generic) (4505/5/1)
9.6% (.EXE) OS/2 Executable (generic) (2029/13)
9.5% (.EXE) Generic Win/DOS Executable (2002/3)
9.4% (.EXE) DOS Executable Generic (2000/1)
Reporter abuse_ch
Tags:BitRAT exe RAT

Intelligence

File Origin
# of uploads :
8
# of downloads :
344
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/264510/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.1277.16453.15747.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated overlay packed
Link:
https://www.filescan.io/uploads/625e5c4eeab80a7a6c3f2de3/reports/7ec6e0ca-e4b7-4274-bbfa-1ae09f0e11ed/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/beb04ac2-77ae-4a19-918f-484fffbece61
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/978660
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/194886b26491c9d7c807ad66a8e55b49bbefcf7deccf5b5e5921776a1dc7deac/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-04-19 05:04:17 UTC
File Type:
PE (.Net Exe)
AV detection:
19 of 41 (46.34%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dfeinmteshe5psahvvtkrzk3jg567t355thvwxszef3wuhoh32wa._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220419-hnmfrshhdr/
Unpacked files
SH256 hash:
194886b26491c9d7c807ad66a8e55b49bbefcf7deccf5b5e5921776a1dc7deac
MD5 hash:
29bc0c39a6feb916e45388cd7abf14b6
SHA1 hash:
6e6f1bc24c9d8eebdecff56ba5ed54e8bace68f2
Link:
https://www.unpac.me/results/03973468-661b-40ac-8416-f39831dc1351/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/194886b26491c9d7c807ad66a8e55b49bbefcf7deccf5b5e5921776a1dc7deac

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BitRAT

Executable exe 194886b26491c9d7c807ad66a8e55b49bbefcf7deccf5b5e5921776a1dc7deac

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2127047/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/264510/

Comments