MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51df3efd5ca29b397fa1baf171a24512b5b35aaabd1366371e7aceac1f16cc46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 51df3efd5ca29b397fa1baf171a24512b5b35aaabd1366371e7aceac1f16cc46
SHA3-384 hash: db9dc748cad24d6440508e8f6ea8bcbc8b284461ad7efd06e1bb360ba003cf8ecee16b4bd46f28b2a50a6d43d86790f2
SHA1 hash: 9f519d060e300498e80217e2ce94dc37ebae4d80
MD5 hash: f4f142a313965b0540d8dd0ee052903a
humanhash: bakerloo-bakerloo-arkansas-maryland
File name:f4f142a313965b0540d8dd0ee052903a
Download: download sample
Signature BitRAT
Create hunting rule
File size:4'892'328 bytes
First seen:2021-11-14 19:38:50 UTC
Last seen:2021-11-14 21:54:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f004fffd794021c1fd1973c589ff06fc (1 x BitRAT)
ssdeep 98304:n2Wv9zmpso6ceElXXUrk0fMSWN9sCibzezvFK:nbw605m/WNq3y
Threatray 448 similar samples on MalwareBazaar
TLSH T1D536226266020055D0E5C8399537BEE1F2B1165BCE92FC7677CEA9C82F322E4E217C97
File icon (PE):PE icon
dhash icon 2907ceeafb8e0729 (2 x CoinMiner, 1 x BitRAT)
Reporter zbetcheckin
Tags:32 BitRAT exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
131
Origin country :
n/a
Vendor Threat Intelligence
Detection:
BitRAT
Create hunting rule
Link:
https://www.capesandbox.com/analysis/205709/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Save.a.14745.32106.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Setting a global event handler
Connection attempt
Sending a custom TCP request
Sending a UDP request
Setting a global event handler for the keyboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug greyware overlay packed
Link:
https://www.filescan.io/uploads/619165d9dec3347825a491c8/reports/594edf2b-6001-4721-979c-af60d58c44d3/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0990ea97-1e57-436b-8b60-3a0403c4e3c4
Result
Threat name:
BitRAT
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/888985
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Yara detected BitRAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/51df3efd5ca29b397fa1baf171a24512b5b35aaabd1366371e7aceac1f16cc46/
Threat name:
Win32.Trojan.Parallax
Create hunting rule
Status:
Malicious
First seen:
2021-11-14 19:36:08 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
09a70564723d4a33bb06b1ad49c656f3b4ff32bc50af5fdd08bf3f1f70735bdb
BitRAT
187c5699381bf37552882dce7593759d8ab041e916c4493341080df0de46fdea
BitRAT
18b96a50da281d031e2ce58c2143a9c1bf4868c710bbcc61b7d147038b449e2b
BitRAT
84c32cb403361a5d8d8117cf941b89c6c819ac453a0e1f411eb5c2952cc35e7c
BitRAT
96f69fe5148b0838909afe927aa280b4919b7f12b1593ed4a461de49fa725b1b
BitRAT
af7800b9d14d41db33e7aeb100aac52bcae40bd7dfa2f151ffb4e76e810ea965
BitRAT
dd05e52bc134d7e198df6f57f147968ce91aded6e949b67d8ec9c24f31117954
BitRAT
edb2077ae4bfdc5b987c2191fe2afad2746453533a5f300df530a26014f45298
BitRAT
+ 438 additional samples on MalwareBazaar
Result
Malware family:
bitrat
Create hunting rule
Score:
  10/10
Tags:
family:bitrat suricata trojan
Link:
https://tria.ge/reports/211114-ycyyesdgal/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
BitRAT
BitRAT Payload
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Unpacked files
SH256 hash:
040461539ce2c1b613a0ed20105d010b4653ba1bbc522b47ca557d4d1a7afc96
MD5 hash:
49e9520eb1f2ea81b5e29084f853f090
SHA1 hash:
696e3b6c45a5539a015ee56a51b5244a1811fac7
Link:
https://www.unpac.me/results/d0605c78-e793-4a7c-8849-155fc877906f/
SH256 hash:
51df3efd5ca29b397fa1baf171a24512b5b35aaabd1366371e7aceac1f16cc46
MD5 hash:
f4f142a313965b0540d8dd0ee052903a
SHA1 hash:
9f519d060e300498e80217e2ce94dc37ebae4d80
Link:
https://www.unpac.me/results/d0605c78-e793-4a7c-8849-155fc877906f/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BitRAT

Executable exe 51df3efd5ca29b397fa1baf171a24512b5b35aaabd1366371e7aceac1f16cc46

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1786472/
Cape
Cape
https://www.capesandbox.com/analysis/205709/
  
URLhaus
https://urlhaus.abuse.ch/url/1786549/

Comments


Avatar
zbet commented on 2021-11-14 19:38:51 UTC

url : hxxp://capraroconsulting.com/2.exe