MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83665f8cf0fc798b6dbeca777554aeaeb9d9cc53e27674c36e67294729d118f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 7


Intelligence 7 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 83665f8cf0fc798b6dbeca777554aeaeb9d9cc53e27674c36e67294729d118f0
SHA3-384 hash: 3f245da456b55ce388d53ba075bffec9102dba8f29aaa2bad18f0e8969371db280871319257c23d23edaa0fe2cbb4707
SHA1 hash: 8a62881824973af6bb8b19411dcbf69c03ff7423
MD5 hash: 038a0b84d1979d20c7a0788f3ca5a4ae
humanhash: six-freddie-tennis-lemon
File name:SecuriteInfo.com.Trojan.GenericKD.36231806.23802.12588
Download: download sample
Signature BitRAT
Create hunting rule
File size:4'050'944 bytes
First seen:2021-02-03 14:16:35 UTC
Last seen:Never
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 98304:TKrS7bJY16zshN809mxpLtmdv5onydJ8hBRNDkBPa8r:vJPzkz9cpLWJdYrZ
Threatray 87 similar samples on MalwareBazaar
TLSH A0161212B2E14437C1731A3ACC2B97696A3ABF502A24A4877BF43D4C9F357D17929387
Reporter SecuriteInfoCom
Tags:BitRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/115337/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.36231806.23802.12588.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/83665f8cf0fc798b6dbeca777554aeaeb9d9cc53e27674c36e67294729d118f0/
Threat name:
Win32.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2021-01-23 02:01:16 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qntf7dhq7r4yw3n6zj3xkvfov245ttct4j3hjq3om4uuokorddya._file
Verdict:
malicious
Similar samples:
1c1b2595e6838a1ee24e806ff60b80a40ad7166caaaaf65080deda57c7292c53
BitRAT
22c86ceaed13287d9bdcc4bb9e7ee4c383c5c1422eee3f75a10f7fd0ffe3b589
BitRAT
2ddd796e9b53ab3d7eaf4093529077f637f182a934a851af24da8c8f189aeed3
BitRAT
3cf331e46b6f16ef2a591637b64865d81b19e016ad3f4f3280aa1a872f1261ab
BitRAT
56d0c7b288fe323703e31519f296d7a1ed4811bc8eb7cf87c56082499aaff297
BitRAT
76e5467f267a4bca00af800094c3a92f6bd51de54737f07c533d091e2f219b40
BitRAT
80104e0ad490b44a632a15e5875e7626db7f35fa94d7aadf19c45a621d75c7e0
BitRAT
8fdc007dd13e7c0c5bbe426da723499db81518697eb84d2fd2a0181996d276fa
BitRAT
ef3436a1198e62ccb908d35b3dea6cfed17414f2e59ab62686277d978f5fd73c
BitRAT
fcb2107f5b1fe383bdd0f8ec5d085a1ed2be421ce2c1616a767b597c6b7003f7
BitRAT
+ 77 additional samples on MalwareBazaar
Result
Malware family:
bitrat
Create hunting rule
Score:
  10/10
Tags:
family:bitrat ransomware trojan
Link:
https://tria.ge/reports/210203-f7xtq8ryp2/
Behaviour
Checks SCSI registry key(s)
Modifies Control Panel
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates connected drives
Drops startup file
Loads dropped DLL
Executes dropped EXE
BitRAT
BitRAT Payload
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Gamarue
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/83665f8cf0fc798b6dbeca777554aeaeb9d9cc53e27674c36e67294729d118f0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Email_stealer_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Email in files like avemaria
Rule name:IPPort_combo_mem
Create hunting rule
Author:James_inthe_box
Description:IP and port combo
Rule name:Select_from_enumeration
Create hunting rule
Author:James_inthe_box
Description:IP and port combo
Rule name:SharedStrings
Create hunting rule
Author:Katie Kleemola
Description:Internal names found in LURK0/CCTV0 samples
Rule name:UAC_bypass_bin_mem
Create hunting rule
Author:James_inthe_box
Description:UAC bypass in files like avemaria

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BitRAT

Microsoft Software Installer (MSI) msi 83665f8cf0fc798b6dbeca777554aeaeb9d9cc53e27674c36e67294729d118f0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/989097/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/115337/

Comments