MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38c91081f6d55ec69c142d571b35538d8db4509866de7fa6ea46836e2db4087b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 10


Intelligence 10 IOCs 1 YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38c91081f6d55ec69c142d571b35538d8db4509866de7fa6ea46836e2db4087b
SHA3-384 hash: ac648cfdae5830d75f81bc095d9b7c4f8a4f052ee52251001ddc394c15e07b3d1e2e4a7f918b97a7c1055b4d22ed00c9
SHA1 hash: 425521e9d39f868ff96be8f9b54543583f0803db
MD5 hash: 3637510bbd489ee4bae39f8c603a07d0
humanhash: tennessee-alanine-mockingbird-papa
File name:3637510BBD489EE4BAE39F8C603A07D0.exe
Download: download sample
Signature BitRAT
Create hunting rule
File size:3'942'400 bytes
First seen:2021-04-23 15:21:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 71955ccbbcbb24efa9f89785e7cce225 (57 x BitRAT)
ssdeep 98304:qtY1Lbh9UZaSLvdgccGLJT6y8kv6EE7kd:pj+Zzlgccp8
Threatray 151 similar samples on MalwareBazaar
TLSH 2106BF02FA42C562D2170230AA6E77BE057CF5344B2085C3B3946E6859B66D17B3BF7B
Reporter abuse_ch
Tags:BitRAT exe RAT


Avatar
abuse_ch
BitRAT C2:
74.124.24.29:2225

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
74.124.24.29:2225 https://threatfox.abuse.ch/ioc/9759/

Intelligence

File Origin
# of uploads :
1
# of downloads :
157
Origin country :
n/a
Vendor Threat Intelligence
Detection:
BitRAT
Create hunting rule
Link:
https://www.capesandbox.com/analysis/143895/
Detection(s):
Win.Malware.Mikey-9819889-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Setting a global event handler
Sending a UDP request
Setting a global event handler for the keyboard
Sending a TCP request to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
BitRAT Xmrig
Create hunting rule
Detection:
malicious
Classification:
troj.evad.mine
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/695548
Signature
Contains functionality to hide a thread from the debugger
Contains functionality to inject code into remote processes
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected BitRAT
Yara detected Xmrig cryptocurrency miner
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/38c91081f6d55ec69c142d571b35538d8db4509866de7fa6ea46836e2db4087b/
Threat name:
Win32.Backdoor.ParalaxRat
Create hunting rule
Status:
Malicious
First seen:
2021-04-21 02:00:29 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hderbapw2vpmnhaufvlrwnktrwg3iueym3ph7jxki2bw4lnubb5q._file
Verdict:
malicious
Similar samples:
086292a6bfd70867d0186a92add0deca164c0588fc37c30c4401e249c2b59257
BitRAT
3936db5f71715f5ef3c4807c9fe0913943ae3b0aa3f000f40ec95558789a2450
BitRAT
3c433cb1c5fbe7966fc5545c22a795866484b7bab4600598629939ed4a542b01
BitRAT
6b5e00fefc79d8345cc80d0507f4602b587aa41f1f193946c306e8388d8a90f9
BitRAT
7840f0892f2762590368de7091d31be8ace3a3ca1982dd5efd22c938a1552a47
BitRAT
98f10643b82275794bc9708dbffdb248e5f715a7207e1c4a4a453cd7cfa7a059
BitRAT
be06f303ae133e36f87ef001dc369f0212f76b26ad53ec171fd2dcdde9463cea
BitRAT
ce626c7e042469928600430d504181b8bc8d4e93d61ab4f89c3eb054acc78f78
BitRAT
ed89efa7c8159a2158076d37effc5f0f12bba88955ee9345cf67210ec0a6e43c
BitRAT
fe0a8d4538509b238f96d42c57d73ffb49d1967c4b6dc8b397a4684446a04460
BitRAT
+ 141 additional samples on MalwareBazaar
Result
Malware family:
bitrat
Create hunting rule
Score:
  10/10
Tags:
family:bitrat
Link:
https://tria.ge/reports/210423-q9e1jhnjh2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
38c91081f6d55ec69c142d571b35538d8db4509866de7fa6ea46836e2db4087b
MD5 hash:
3637510bbd489ee4bae39f8c603a07d0
SHA1 hash:
425521e9d39f868ff96be8f9b54543583f0803db
Link:
https://www.unpac.me/results/09954120-2d54-4a5a-82a7-21147aaa0a7d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/38c91081f6d55ec69c142d571b35538d8db4509866de7fa6ea46836e2db4087b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Email_stealer_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Email in files like avemaria
Rule name:MALWARE_Win_BitRAT
Create hunting rule
Author:ditekSHen
Description:Detects BitRAT RAT

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/143895/

Comments