MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63de4d8ac78d5ac2fe485de40bd6ecc4105fd0616600b4765eb66f39e9b5d058. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 63de4d8ac78d5ac2fe485de40bd6ecc4105fd0616600b4765eb66f39e9b5d058
SHA3-384 hash: 9b6fd44b9cb66ffbb90db96aeadf91f952841ae8697a326d2c67fb0bae32e3111b6dcf1a9a9baf08edc2f855aa1f9fa0
SHA1 hash: e794e1bda94bfb8addb196e95bd172fb1b47a0ec
MD5 hash: a5c5bfe52d851f80df634f72ea1f755c
humanhash: oscar-wyoming-harry-jig
File name:zirat_deme .pdf.jpg.img
Download: download sample
Signature BitRAT
Create hunting rule
File size:1'245'184 bytes
First seen:2021-01-20 13:55:21 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 768:xZzgVLUISSD5PIbjYTtFdoiVnD0y6QzyFgdbocXf:xeSID1gYTnqiBzyAbo
TLSH 094573613FC45A55E5FB873A2DA36CB31F2139C673A78728B45D03766F40AE41E26A03
Reporter abuse_ch
Tags:BitRAT geo img RAT TUR ZiraatBank


Avatar
abuse_ch
Malspam distributing BitRAT:

HELO: rdns0.officetemplatezone.club
Sending IP: 192.161.184.108
From: ZİRAAT BANKASI <ziraat@yayin.ziraatbank.com.tr>
Reply-To: commercial.rlavel@gmail.com
Subject: Ödeme
Attachment: zirat_deme .pdf.jpg.img (contains " zirat_Ödeme .scr")

BitRAT C2:
jegebit.duckdns.org:43360 (193.239.147.22)

Intelligence

File Origin
# of uploads :
1
# of downloads :
143
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.ArtemisB429A3FA5EC2.16397.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/63de4d8ac78d5ac2fe485de40bd6ecc4105fd0616600b4765eb66f39e9b5d058/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mppe3cwhrvnmf7silxsaxvxmyqif7udbmyali5s6wzxtt2nv2bma._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/63de4d8ac78d5ac2fe485de40bd6ecc4105fd0616600b4765eb66f39e9b5d058

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BitRAT

img 63de4d8ac78d5ac2fe485de40bd6ecc4105fd0616600b4765eb66f39e9b5d058

(this sample)

BitRAT

Executable exe 7fd7f40eb596ec6e50350e8b76a874dcd137229bf6cd86f8822fda8b0e7a37cc

  
Dropping
MD5 b429a3fa5ec2187dce78dc9c273cc240
  
Dropping
BitRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7fd7f40eb596ec6e50350e8b76a874dcd137229bf6cd86f8822fda8b0e7a37cc

Comments