MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5acdc48ba968ef0ea6c0732dd77b352415f3535d1405d9814870401d40466e5e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BitRAT


Vendor detections: 5



SHA256 hash: 5acdc48ba968ef0ea6c0732dd77b352415f3535d1405d9814870401d40466e5e
SHA3-384 hash: f242a044095c760bffe7f4279a2b9d87ed92f8ff3a90dabf2bf7d169bafcb09f8d51e0092e020f374acc0534f0bb9a92
SHA1 hash: 97552c910d54a41da07fb2c5a1038fb67de1b184
MD5 hash: d210b2c849cf123efb2feadfd76ea913
humanhash: wisconsin-maryland-october-georgia
File name: Dokument.img
Signature: BitRAT
File size: 2'519'040 bytes
First seen: 2021-02-22 12:54:55 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 49152:SEpF63vDG5RX0yIXP6GWSCcwhxWqpitZKSS2zzICv:1ivDGHePFCzvWH3KSS4I
TLSH: CEC5D01532016F2DF03DC33A59AC2A1997F89907D3A1DF2BBDF910EB5A61F21832651E
Reporter: abuse_ch
Tags: BitRAT DEU geo img RAT


abuse_ch
Malspam distributing BitRAT:

HELO: 107-174-142-107-host.colocrossing.com
Sending IP: 107.174.142.107
From: reichelt@xtr-global.de
Subject: Unterschrift erforderlich
Attachment: Dokument.img (contains "Dokument.exe")

BitRAT C2:
venomrating.hopto.org:4712 (198.102.14.18)

Intelligence


File Origin
# of uploads: 1
# of downloads: 135
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-22 12:55:07 UTC
AV detection: 6 of 47 (12.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BitRAT

img 5acdc48ba968ef0ea6c0732dd77b352415f3535d1405d9814870401d40466e5e (this sample)

Dropping: BitRAT
Delivery method: Distributed via e-mail attachment
