MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7acd63274b81b72ef23396d8e8ec007adc22b4a74a2242a07a75466c3805df42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 9


Intelligence 9 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7acd63274b81b72ef23396d8e8ec007adc22b4a74a2242a07a75466c3805df42
SHA3-384 hash: 77bfee3acf47a57eea0a5018ffdde12a7ef359d5e3e90ec9232e59cc5e039b2ddf75ff80b568cc83f88e64cc3871c1cf
SHA1 hash: 3c4ea65726ca0b61beb6e120c7f780b28f11abd3
MD5 hash: 92dd684dae1d6dad4491cc1c58a63bb9
humanhash: nuts-washington-island-maryland
File name:OzygoxrbzzvtmyjupcpndcovpjxtqpiywjSigned.exe
Download: download sample
Signature BitRAT
Create hunting rule
File size:942'080 bytes
First seen:2021-06-22 18:36:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7d2a11b688659c9baad015ccd9f8c122 (2 x BitRAT)
ssdeep 12288:7dJDIO4I7RsW6/gWwwNAloZDtG0LMpQOlyoS5TpVnb7x3w/wrHJ8:7dJ8OvC/gUNMozDROQPTppb7x3LrH
Threatray 497 similar samples on MalwareBazaar
TLSH 23159DE2935144B7E8B32A79ED0BAAD4D4287DE07E24ECCAA7F07D054F343A13965097
Reporter abuse_ch
Tags:BitRAT exe RAT


Avatar
abuse_ch
BitRAT C2:
20.98.18.253:2222

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
20.98.18.253:2222 https://threatfox.abuse.ch/ioc/142004/

Intelligence

File Origin
# of uploads :
1
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
OzygoxrbzzvtmyjupcpndcovpjxtqpiywjSigned.exe
Verdict:
Malicious activity
Analysis date:
2021-06-22 18:39:10 UTC
Tags:
trojan bitrat rat
Link:
https://app.any.run/tasks/75f98efa-f67b-4282-af33-f89fcbce75e5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
BitRAT
Create hunting rule
Link:
https://www.capesandbox.com/analysis/167664/
Detection(s):
Win.Malware.Fhrt-9863084-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/aec6d22c-ef37-4a6a-ac06-23c31d95bd39
Result
Threat name:
BitRAT Xmrig
Create hunting rule
Detection:
malicious
Classification:
troj.evad.mine
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/806209
Signature
Creates a thread in another existing process (thread injection)
Hides threads from debuggers
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Writes to foreign memory regions
Yara detected BitRAT
Yara detected Xmrig cryptocurrency miner
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7acd63274b81b72ef23396d8e8ec007adc22b4a74a2242a07a75466c3805df42/
Threat name:
Win32.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2021-06-22 18:37:15 UTC
AV detection:
16 of 28 (57.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=plgwgj2lqg3s54rts3mor3aaplocfnfhjirefid2ovdgyoaf35ba._file
Verdict:
malicious
Similar samples:
0d182038f62a038b380a4d3c3769d5eb389b08b194b7dce13606252e7e1aff1c
BitRAT
36f34d118ee0769d818d0cdb9b7562262e23233f97fd78c9280e8d5a7c390636
BitRAT
72a21c420bc7b744d977b3b0d68f486257784cac7a44c9b29602b0d23fe0e744
BitRAT
85adf569d259dc53c5099fea6e90ff3a614a406b4308ebdf9f40e8bed151f526
BitRAT
9eaf84474a458ff7b9847687ed30ab6533a54c5ae028a2ec14885884440975f7
BitRAT
c7f5e260a66f326d1a83d859c9b6e9ab88f54de7641a65c6534997581bdc188b
BitRAT
dce7bd6ffb24e1022633df291493bc759eda61266bc34c9753ab7912c31b7e96
BitRAT
e07f10ac73d25b9b70a35c53eaf8a976f0edc117b40cd6a582dbd08ef55bdab5
BitRAT
f3ad47ca842225f405e277f5f2b0521266fe65a90bf746ac39a67990835ddf14
BitRAT
fd25d0297a8890cb63206e28835e6441adb8bb2b7b72b0e85afe5270a4796446
BitRAT
+ 487 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence upx
Link:
https://tria.ge/reports/210622-1g87c31a1a/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
UPX packed file
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
a962b300b10f701e3a3c8b4691a11161dd919a542e3ee79b890bfef413c15aa8
MD5 hash:
78c33a69fd2a9e77abcd07eed8b13cf7
SHA1 hash:
dc698bff43357d0e1b5e9c8ccfdf28e2a190aa02
Link:
https://www.unpac.me/results/cdab4c2f-dff3-42ac-a26d-162e0ec33f57/
SH256 hash:
7acd63274b81b72ef23396d8e8ec007adc22b4a74a2242a07a75466c3805df42
MD5 hash:
92dd684dae1d6dad4491cc1c58a63bb9
SHA1 hash:
3c4ea65726ca0b61beb6e120c7f780b28f11abd3
Link:
https://www.unpac.me/results/cdab4c2f-dff3-42ac-a26d-162e0ec33f57/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7acd63274b81b72ef23396d8e8ec007adc22b4a74a2242a07a75466c3805df42

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/167664/

Comments