MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 598dbf13e324981b55a2f684d7c6a7c70c23e7154bb74e8a79cdbd813c49bc0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FirebirdRAT


Vendor detections: 3



SHA256 hash: 598dbf13e324981b55a2f684d7c6a7c70c23e7154bb74e8a79cdbd813c49bc0a
SHA3-384 hash: 7dde36d2162e37bc99434b4e38327a4999ba183c4f71dd0e1aab7eedb585a63a3af842901107a2f22154c72789bee904
SHA1 hash: ca207cb8f384cee12f385c55eb8e736494e9bcfa
MD5 hash: 4a7e7b229be5c9583c89c8a53601366c
humanhash: eighteen-white-uncle-football
File name: NEW SC ORDER.zip
Signature: FirebirdRAT
File size: 1'452'257 bytes
First seen: 2020-12-15 17:27:57 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:5vpLZDjLaH+arG/06rIzOfiNzCwOp3cs9+IrBfeFe8oetshgJ8S0H7bKWcxXSB:5hLVsCM+qNzCJd91IFOjTP7X8iB
TLSH: 9D6533A965C2FBC6C9C1C1176FF3940AA6DFC09A81286ED949F83FD932951ED9E01D0C
Reporter: abuse_ch
Tags: FirebirdRAT RAT zip


abuse_ch
Malspam distributing FirebirdRAT:

HELO: geetoolsmtp4.wickcz3wjevexd0kwxo5mu0d1a.yx.internal.cloudapp.net
Sending IP: 13.78.133.2
From: Sales Manager <admin@huntai.com.tw>
Subject: Merry xmas and Happy New Year!!!
Attachment: NEW SC ORDER.zip (contains "NEW SC #ORDER.scr")

FirebirdRAT C2:
79.137.109.121:2009

Intelligence


File Origin
# of uploads: 1
# of downloads: 211
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FirebirdRAT

zip 598dbf13e324981b55a2f684d7c6a7c70c23e7154bb74e8a79cdbd813c49bc0a (this sample)

Dropping: FirebirdRAT
Delivery method: Distributed via e-mail attachment
