MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ea4691598800d0d5b7aa9aeaaae75c92c35a238adc57b1a49cd91d464dacae3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ea4691598800d0d5b7aa9aeaaae75c92c35a238adc57b1a49cd91d464dacae3
SHA3-384 hash: 627a3eda1a541d7c80eb9667415648ffd7b6df6a5fdf814eec1d0e69d8d3dd0905fa022449711e1093eca9805518c707
SHA1 hash: 1fbc2e23b68f8db421e3f53a6d88b8adb6220fe3
MD5 hash: 6de159a55d12287671f21def0a88b833
humanhash: zebra-north-mike-green
File name:Statement.iso
Download: download sample
Signature BitRAT
Create hunting rule
File size:2'308'096 bytes
First seen:2021-01-19 13:02:45 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 49152:6gYUnpySEMB9H+5lCMnqukrKFW2bK49EZl:qUnL9HqlCMqukre9Vil
TLSH A2B512922E04EE01E179A7B5E42A65F472EEAD04D755C50B7C8DFEB9333390A860D632
Reporter abuse_ch
Tags:BitRAT iso RAT


Avatar
abuse_ch
Malspam distributing BitRAT:

HELO: mail.getemails.host
Sending IP: 163.44.206.131
From: Account <admin@getemails.host>
Reply-To: danielren101@gmail.com
Subject: Re: Statement Update
Attachment: Statement.iso (contains "Statement.exe")

BitRAT C2:
185.157.162.107:4783

Intelligence

File Origin
# of uploads :
1
# of downloads :
154
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3ea4691598800d0d5b7aa9aeaaae75c92c35a238adc57b1a49cd91d464dacae3/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-01-19 13:03:10 UTC
AV detection:
4 of 46 (8.70%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=h2sgsfmyqagq2w32vgxkvltvzewdliryvxcxwgsjzwi5izg2zlrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3ea4691598800d0d5b7aa9aeaaae75c92c35a238adc57b1a49cd91d464dacae3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BitRAT

iso 3ea4691598800d0d5b7aa9aeaaae75c92c35a238adc57b1a49cd91d464dacae3

(this sample)

BitRAT

Executable exe 22c86ceaed13287d9bdcc4bb9e7ee4c383c5c1422eee3f75a10f7fd0ffe3b589

  
Dropping
MD5 2faaf3267e581c03463c3a2c256d697e
  
Dropping
BitRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 22c86ceaed13287d9bdcc4bb9e7ee4c383c5c1422eee3f75a10f7fd0ffe3b589

Comments