MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3368c73256020d0096f04966c0e7443d1d6d2337c080c370fd7ceb8f1fcf3314. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3368c73256020d0096f04966c0e7443d1d6d2337c080c370fd7ceb8f1fcf3314
SHA3-384 hash: 0e74c708c58bb17404eebf0ce5f583f9aa9b4a6fdbfe07172b6b22a8e481764456f9182527e3f3bb40f5ad3d8926a77a
SHA1 hash: 1ce0ffe7b3b0196938c5783e24e8a3b57b077552
MD5 hash: c4c2eae78a0a4f448b8111454da6bfce
humanhash: winter-blossom-nebraska-batman
File name:F6SNA4S9KD7_ETRANSFER_RECEIPT.zip
Download: download sample
Signature BitRAT
Create hunting rule
File size:1'864'775 bytes
First seen:2022-06-06 15:26:52 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 49152:dwW4EUpRgxo9ivuWelxum7hRvdrzJ65mxhQDWCQJ:CL7pRgxwUuWc7zFE5QhQDWCw
TLSH T17D85333B8D5C0EABF39FF2BD801CBB5532E5AD37B64415CE878D87874181B88409CA99
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cyberswat4
Tags:BitRAT RAT zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
370
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.27510.29241.UNOFFICIAL
Create hunting rule

Gathering data
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/3368c73256020d0096f04966c0e7443d1d6d2337c080c370fd7ceb8f1fcf3314
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3368c73256020d0096f04966c0e7443d1d6d2337c080c370fd7ceb8f1fcf3314/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gnumomswaigqbfxqjftmbz2ehuow2izxycamg4h5ptvy6h6pgmka._file
Result
Malware family:
bitrat
Create hunting rule
Score:
  10/10
Tags:
family:bitrat trojan upx
Link:
https://tria.ge/reports/220606-svq3mshcf4/
Behaviour
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Loads dropped DLL
Executes dropped EXE
UPX packed file
BitRAT
Malware Config
C2 Extraction:
bitrat9300.duckdns.org:9300
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3368c73256020d0096f04966c0e7443d1d6d2337c080c370fd7ceb8f1fcf3314

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BitRAT

zip 3368c73256020d0096f04966c0e7443d1d6d2337c080c370fd7ceb8f1fcf3314

(this sample)

zip 9c4a7c857a899e6bfc5c8c911c16cdf00e1b5436cd5aefde5338a6e3b0f83fdc

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9c4a7c857a899e6bfc5c8c911c16cdf00e1b5436cd5aefde5338a6e3b0f83fdc
  
Dropping
MD5 bdd6cd0f4564f8133ea9391268957f22
  
Dropping
SHA256 6628a8883987d342555b0e13f9795abdce26b0c9a739b7d13ff0bfc9affe6995
  
Dropping
MD5 54d506080b660a0eadb72f6a7ca8264e
  
Dropping
SHA256 ecd4c729aa757a8833d0fca4a19208fe2c53c006613b4b81e79cba82d960f48b
  
Dropping
MD5 cc065fdab084a5641fb063425a9b3a29

Comments