MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a407b1a344c694f1e1ca56be15ab2511db137dbd978c7131e872a8f2f01f133. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BrbBot


Vendor detections: 6



SHA256 hash: 3a407b1a344c694f1e1ca56be15ab2511db137dbd978c7131e872a8f2f01f133
SHA3-384 hash: 7dc0cb2da525d0d8428223419580d2591e2ad0075d081668cdeb05181fa5025d5566da80577de2b176eca62ef085b080
SHA1 hash: 35b0e81bfc00f120e64dee0114cef7c677478017
MD5 hash: 5fa37b9e997a5a2f2ae42827dbf9ce6e
humanhash: finch-mountain-double-spaghetti
File name: brbbot.zip
Signature: BrbBot
File size: 39'106 bytes
First seen: 2024-04-13 12:35:57 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password protected archive. The password is: infected
ssdeep: 768:31AW5sfCeRfnkOGjACcV8iDL6HvYXhaflxVvt89jd5nId8gKr6f:3+0sfCeRfk18CcsvYRafPVKjsymf
TLSH: T1010302E8007D16E5ACB4A3337F1BD3F07F4663911091D86C2A885990BD6749F9ADB21F
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1); 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: Anonymous
Tags: brbbot zip


Anonymous
Had to search far and wide for this sample, so it's now easier to access on MalwareBazaar

Intelligence


File Origin
# of uploads: 1
# of downloads: 174
Origin country: PT
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: brbbot.exe
File size: 75'776 bytes
SHA256 hash: f47060d0f7de5ee651878eb18dd2d24b5003bdb03ef4f49879f448f05034a21e
MD5 hash: 1c7243c8f3586b799a5f9a2e4200aa92
MIME type: application/x-dosexec
Signature: BrbBot
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: crypto

Result
Malware family:
Score: 10/10
Tags: family:brbbot persistence

Behaviour
Suspicious behavior: EnumeratesProcesses
Adds Run key to start application

Malware Config
C2 Extraction: brb.3dtuts.by
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: MALWARE_Win_BrbBot
Author: ditekSHen
Description: Detects BrbBot

Rule name: win_brbbot_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: Detects win.brbbot.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BrbBot

zip 3a407b1a344c694f1e1ca56be15ab2511db137dbd978c7131e872a8f2f01f133 (this sample)

Comments