MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 485001f279b6a9a180b14a1f642ab91f2b7c79c7891520985f061cc3f97ba170. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
BitRAT
Vendor detections: 4
| SHA256 hash: | 485001f279b6a9a180b14a1f642ab91f2b7c79c7891520985f061cc3f97ba170 |
|---|---|
| SHA3-384 hash: | 94978923685446e52457a1b798012ed835647cf566b9ffcbf5f7c47c7bebffff37c68234ac7b89974c90e945b76c7ad7 |
| SHA1 hash: | 1a056150f69adc4016ee8d27e026429416612831 |
| MD5 hash: | 5fa291c7b5fc48d5a8f7d54d0b2fd1a2 |
| humanhash: | connecticut-mirror-sodium-stream |
| File name: | SWIFT_DCREF98302893884939475988EURO9284798783648877374875787839.pdf.rar |
| Download: | download sample |
| Signature | BitRAT |
| File size: | 1'606'014 bytes |
| First seen: | 2021-02-01 08:09:22 UTC |
| Last seen: | Never |
| File type: | rar |
| MIME type: | application/x-rar |
| ssdeep | 49152:i3Rzt8uGeQwswk8leymVeiDjdNmMlIT4b:YRJ8u+6kCeJeilNmyb |
| TLSH | 6E7533637D225CF1286197D99CBBF6111B45A2B629030DCF665932CB70C44EF8E2E8BD |
| Reporter |  abuse_ch |
| Tags: | BitRAT nVpn rar RAT |
abuse_ch
Malspam distributing BitRAT:HELO: rdns0.beirnallc.gq
Sending IP: 217.25.95.8
From: remittances <accountpayableteam@emirates.net.ae>
Subject: Payment Advice Notification
Attachment: SWIFT_DCREF98302893884939475988EURO9284798783648877374875787839.pdf.rar (contains "SWIFT_DCREF98302893884939475988EURO9284798783648877374875787839.pdf.exe")
BitRAT C2:
engr101.gotdns.ch:51817 (185.244.30.225)
Pointing to nVpn:
% Information related to '185.244.30.0 - 185.244.30.255'
% Abuse contact for '185.244.30.0 - 185.244.30.255' is 'abuse@privacyfirst.sh'
inetnum: 185.244.30.0 - 185.244.30.255
remarks: This prefix is assigned to The PRIVACYFIRST Project, which
remarks: operates infrastructure jointly used by various VPN service
remarks: providers. We have a very strong focus on privacy and freedom.
remarks: In case of abuse, we encourage all international law enforcement
remarks: agencies to get in touch with our abuse contact. Due to the fact
remarks: that we keep no logs of user activities and only share data when
remarks: it is legally required under our jurisdiction, it is very unlikely
remarks: for a demand of user information to be successful. Still, that
remarks: should not deter you from reaching out.
netname: PRIVACYFIRST-HU
country: HU
admin-c: TPP15-RIPE
tech-c: TPP15-RIPE
org: ORG-TPP6-RIPE
status: ASSIGNED PA
mnt-by: PRIVACYFIRST-MNT
created: 2019-10-29T14:10:27Z
last-modified: 2020-10-07T21:39:48Z
source: RIPE
Intelligence
File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name:
Win32.Trojan.Wacatac
Status:
Malicious
First seen:
2021-02-01 08:10:19 UTC
AV detection:
11 of 45 (24.44%)
Threat level:
5/5
Detection(s):
Malicious file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
exe Dropping
BitRAT
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.