MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8218b8f30ab4a80e24dcbe79984f5ab0bb8311674098b068f14325487d7d4a47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BitRAT

Vendor detections: 11

Intelligence 11 IOCs 1 YARA 3 File information Comments

SHA256 hash:	8218b8f30ab4a80e24dcbe79984f5ab0bb8311674098b068f14325487d7d4a47
SHA3-384 hash:	59e7e0b3d6d4526fdef59a0c073284730b36f676ef2a18228a951ba1bc15e79f0450aa393a30c68a3d192a3e8ca4d0a5
SHA1 hash:	b27db9352fa348e30b946e002ef4d8a4db9d6867
MD5 hash:	07a9d708250b06fc62fcc0321733c202
humanhash:	sixteen-alanine-foxtrot-spring
File name:	07A9D708250B06FC62FCC0321733C202.exe
Download:	download sample
Signature	BitRAT Create hunting rule
File size:	3'943'424 bytes
First seen:	2021-07-13 18:55:53 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	71955ccbbcbb24efa9f89785e7cce225 (57 x BitRAT)
ssdeep	98304:877Pmq33rE/JDLPWZADUGer7B6iY74M/imlwXVZaFB:K+R/eZADUXR
Threatray	280 similar samples on MalwareBazaar
TLSH	T17606CF02FA46C562D2170230E96E77BE053CF9354B2085C3B3946E6859B66D17A3BF3B
Reporter	abuse_ch
Tags:	BitRAT exe RAT

abuse_ch

BitRAT C2:
134.195.89.8:6666

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
134.195.89.8:6666	https://threatfox.abuse.ch/ioc/160132/

Intelligence

File Origin

# of uploads :

# of downloads :

156

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

07A9D708250B06FC62FCC0321733C202.exe

Verdict:

Malicious activity

Analysis date:

2021-07-13 18:59:48 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/0531cf9d-a194-452e-9675-1a5b3df97df6

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

BitRAT

Link:

https://www.capesandbox.com/analysis/171498/

Detection(s):

Win.Malware.Mikey-9819889-0

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

BitRAT

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4471e36a-06e9-49ae-8702-edd106101038

Result

Threat name:

BitRAT

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/815848

Signature

Antivirus / Scanner detection for submitted sample

Hides threads from debuggers

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected BitRAT

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8218b8f30ab4a80e24dcbe79984f5ab0bb8311674098b068f14325487d7d4a47/

Threat name:

Win32.Backdoor.ParalaxRat

Status:

Malicious

First seen:

2021-07-12 07:07:00 UTC

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=qimlr4ykwsua4jg4xz4zqt22wc5ygelhicmla2hrimsuq7l5jjdq._file

Verdict:

malicious

BitRAT

52dbaf7435516b388d60abebda89615a4c2286a663de889a15b45be3b71b0def

BitRAT

550e7873f18235369c6f215691400034417580534f8084e9712de1ead2db8827

BitRAT

60b1e21007ef93c3ac0bb8fcb0d063f2429aae47b4715d0324096887aeb165f8

BitRAT

ade9445823ca1711a80264706d612f5815743d69352619df4c4505cbaf50c640

BitRAT

befaecfa9c1207b951dcf8e72b803cb32d237f16d9e49df1c6c29fcf690b4ec3

BitRAT

d2b6ad926987074e93a769eaf34598a4df8bbb839208c57d4fc1516f9ed1eaa6

BitRAT

+ 270 additional samples on MalwareBazaar

Result

Malware family:

bitrat

Score:

10/10

Tags:

family:bitrat

Link:

https://tria.ge/reports/210713-vka5cswj8s/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Unpacked files

SH256 hash:

8218b8f30ab4a80e24dcbe79984f5ab0bb8311674098b068f14325487d7d4a47

MD5 hash:

07a9d708250b06fc62fcc0321733c202

SHA1 hash:

b27db9352fa348e30b946e002ef4d8a4db9d6867

Link:

https://www.unpac.me/results/12d784a4-a3ca-4f89-86a1-b6d133853716/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8218b8f30ab4a80e24dcbe79984f5ab0bb8311674098b068f14325487d7d4a47

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Email_stealer_bin_mem Create hunting rule
Author:	James_inthe_box
Description:	Email in files like avemaria

Rule name:	INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture Create hunting rule
Author:	ditekSHen
Description:	Detect executables with stomped PE compilation timestamp that is greater than local current time

Rule name:	MALWARE_Win_BitRAT Create hunting rule
Author:	ditekSHen
Description:	Detects BitRAT RAT

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/171498/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample