MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4cdfc8c1032ededddcecd13894424bc36e15173ca5cabefe38d0fa7db33d4491. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4cdfc8c1032ededddcecd13894424bc36e15173ca5cabefe38d0fa7db33d4491
SHA3-384 hash: fe720a3b9d088c3eb6d3be2fc027fa601040a1a050d2bc7db27449942ddf135a46b76b7a1461875b5dbf3bb0fe827e97
SHA1 hash: 7fa9f65c6c9608bfa50c8e98b5d0c2bee21a859a
MD5 hash: cc4114bca038251f661623a293ee4ac6
humanhash: purple-may-magazine-don
File name:cc4114bca038251f661623a293ee4ac6.exe
Download: download sample
Signature BitRAT
Create hunting rule
File size:4'446'085 bytes
First seen:2021-02-26 14:42:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d6ac9616587efac71db41aa72947d988 (6 x BitRAT, 1 x QuasarRAT)
ssdeep 98304:YuWNQ0kKDhLa1xecuMJWJ4qnP6x0V2ucdIlpX:diQ0Nirvk2qSxHyX
Threatray 4'224 similar samples on MalwareBazaar
TLSH 4026D023AE049FE0EA0309F50A469949BA40741CD49FFD8769859608D63F9C7F4FF7A8
Reporter abuse_ch
Tags:BitRAT exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
113
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cc4114bca038251f661623a293ee4ac6.exe
Verdict:
Malicious activity
Analysis date:
2021-02-26 14:45:21 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a76db2c2-a76e-4963-81b2-1746fab36dc2

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/119434/
Detection(s):
Win.Malware.Johnnie-9835561-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% subdirectories
Unauthorized injection to a recently created process
Sending a UDP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/619788
Signature
Contain functionality to detect virtual machines
Detected unpacking (changes PE section rights)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4cdfc8c1032ededddcecd13894424bc36e15173ca5cabefe38d0fa7db33d4491/
Threat name:
Win32.Trojan.Johnnie
Create hunting rule
Status:
Malicious
First seen:
2021-02-26 14:43:06 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jtp4rqidf3pn3xhm2e4jiqslynxbkfz4uxfl57ry2d5h3mz5isiq._file
Verdict:
malicious
Similar samples:
74defd8809c3c66152c56c0f711d60e7110683784e42df2d80dcf3e30c412f6a
BitRAT
89977d91a899a6381a107a4f2dea8d3611d4903564510b94a6b0b37c53032fa6
BitRAT
8f16e3a601a2ecbe08bb764289fc0766df7ca8e634f5490d905055be4f827364
BitRAT
b8fb56d3c66d2b6280cf2be3fb58de14e9103989429d78861bd712479424c4f6
BitRAT
ba09c031c8345f685a7da248184f5bdec2007989bbaabe9f299b601c2734541d
BitRAT
bbe69e17d653a71131e0c9fd787429245db67bd8f432b279a85881b2b1cfbf77
BitRAT
be1d469e7f434641202ffde45e666cd4b1d255814f8cbf344a3aff1e78e86768
BitRAT
c482ebed5672bdbc0cca51b79bbb7babaa82a678142d981a7dd009ad813c20d7
BitRAT
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
BitRAT
ebc82e867e1280af5cb01ed64745b4a4e5fa48c2ea64557bbaeb7b391e852c2f
BitRAT
+ 4'214 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/210226-t2c8f59c82/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Unpacked files
SH256 hash:
80d56dadaedd8a83c57a93a4c1e3252497b23eae896bc92796628315afdbcc73
MD5 hash:
2fba20ea538a31ace3d7c8885b86237b
SHA1 hash:
d8ab5183b9e42abded9543996410e116a6787f08
Link:
https://www.unpac.me/results/25cba254-995a-4aff-8ec1-bb5c4dfc84e1/
SH256 hash:
4cdfc8c1032ededddcecd13894424bc36e15173ca5cabefe38d0fa7db33d4491
MD5 hash:
cc4114bca038251f661623a293ee4ac6
SHA1 hash:
7fa9f65c6c9608bfa50c8e98b5d0c2bee21a859a
Link:
https://www.unpac.me/results/25cba254-995a-4aff-8ec1-bb5c4dfc84e1/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BitRAT

Executable exe 4cdfc8c1032ededddcecd13894424bc36e15173ca5cabefe38d0fa7db33d4491

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/119434/
  
URLhaus
https://urlhaus.abuse.ch/url/1031102/
  
Delivery method
Distributed via web download

Comments