MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63de4d8ac78d5ac2fe485de40bd6ecc4105fd0616600b4765eb66f39e9b5d058. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BitRAT


Vendor detections: 2



SHA256 hash: 63de4d8ac78d5ac2fe485de40bd6ecc4105fd0616600b4765eb66f39e9b5d058
SHA3-384 hash: 9b6fd44b9cb66ffbb90db96aeadf91f952841ae8697a326d2c67fb0bae32e3111b6dcf1a9a9baf08edc2f855aa1f9fa0
SHA1 hash: e794e1bda94bfb8addb196e95bd172fb1b47a0ec
MD5 hash: a5c5bfe52d851f80df634f72ea1f755c
humanhash: oscar-wyoming-harry-jig
File name: zirat_deme .pdf.jpg.img
Signature: BitRAT
File size: 1'245'184 bytes
First seen: 2021-01-20 13:55:21 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:xZzgVLUISSD5PIbjYTtFdoiVnD0y6QzyFgdbocXf:xeSID1gYTnqiBzyAbo
TLSH: 094573613FC45A55E5FB873A2DA36CB31F2139C673A78728B45D03766F40AE41E26A03
Reporter: abuse_ch
Tags: BitRAT geo img RAT TUR ZiraatBank


abuse_ch
Malspam distributing BitRAT:

HELO: rdns0.officetemplatezone.club
Sending IP: 192.161.184.108
From: ZİRAAT BANKASI <ziraat@yayin.ziraatbank.com.tr>
Reply-To: commercial.rlavel@gmail.com
Subject: Ödeme
Attachment: zirat_deme .pdf.jpg.img (contains " zirat_Ödeme .scr")

BitRAT C2:
jegebit.duckdns.org:43360 (193.239.147.22)

Intelligence


File Origin
# of uploads: 1
# of downloads: 143
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BitRAT

img 63de4d8ac78d5ac2fe485de40bd6ecc4105fd0616600b4765eb66f39e9b5d058

(this sample)

  
Dropping: BitRAT
Delivery method: Distributed via e-mail attachment
