MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 51df3efd5ca29b397fa1baf171a24512b5b35aaabd1366371e7aceac1f16cc46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
BitRAT
Vendor detections: 9
| SHA256 hash: | 51df3efd5ca29b397fa1baf171a24512b5b35aaabd1366371e7aceac1f16cc46 |
|---|---|
| SHA3-384 hash: | db9dc748cad24d6440508e8f6ea8bcbc8b284461ad7efd06e1bb360ba003cf8ecee16b4bd46f28b2a50a6d43d86790f2 |
| SHA1 hash: | 9f519d060e300498e80217e2ce94dc37ebae4d80 |
| MD5 hash: | f4f142a313965b0540d8dd0ee052903a |
| humanhash: | bakerloo-bakerloo-arkansas-maryland |
| File name: | f4f142a313965b0540d8dd0ee052903a |
| Download: | download sample |
| Signature | BitRAT |
| File size: | 4'892'328 bytes |
| First seen: | 2021-11-14 19:38:50 UTC |
| Last seen: | 2021-11-14 21:54:58 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | f004fffd794021c1fd1973c589ff06fc (1 x BitRAT) |
| ssdeep | 98304:n2Wv9zmpso6ceElXXUrk0fMSWN9sCibzezvFK:nbw605m/WNq3y |
| Threatray | 448 similar samples on MalwareBazaar |
| TLSH | T1D536226266020055D0E5C8399537BEE1F2B1165BCE92FC7677CEA9C82F322E4E217C97 |
| File icon (PE): | |
| dhash icon | 2907ceeafb8e0729 (2 x CoinMiner, 1 x BitRAT) |
| Reporter | |
| Tags: | 32 BitRAT exe |
Intelligence
File Origin
# of uploads :
2
# of downloads :
131
Origin country :
n/a
Vendor Threat Intelligence
Detection:
BitRAT
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a window
Setting a global event handler
Connection attempt
Sending a custom TCP request
Sending a UDP request
Setting a global event handler for the keyboard
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
anti-debug greyware overlay packed
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Result
Threat name:
BitRAT
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Yara detected BitRAT
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Parallax
Status:
Malicious
First seen:
2021-11-14 19:36:08 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
5/5
Verdict:
malicious
Similar samples:
+ 438 additional samples on MalwareBazaar
Result
Malware family:
bitrat
Score:
10/10
Tags:
family:bitrat suricata trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
BitRAT
BitRAT Payload
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Unpacked files
SH256 hash:
040461539ce2c1b613a0ed20105d010b4653ba1bbc522b47ca557d4d1a7afc96
MD5 hash:
49e9520eb1f2ea81b5e29084f853f090
SHA1 hash:
696e3b6c45a5539a015ee56a51b5244a1811fac7
SH256 hash:
51df3efd5ca29b397fa1baf171a24512b5b35aaabd1366371e7aceac1f16cc46
MD5 hash:
f4f142a313965b0540d8dd0ee052903a
SHA1 hash:
9f519d060e300498e80217e2ce94dc37ebae4d80
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.url : hxxp://capraroconsulting.com/2.exe