MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85076096e4aedfd73ef4d9c0f44f79b0388bca1ea96978917dd0c5fcc7c87f77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 10


Intelligence 10 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85076096e4aedfd73ef4d9c0f44f79b0388bca1ea96978917dd0c5fcc7c87f77
SHA3-384 hash: 57994a13ead91e63155516d3ba93153d3be00101ac17522b9d96f196f0ec832548d07a924e3b6ff9cc15464e034371a0
SHA1 hash: 719762da1d8184c311e33882f5b3186d09626d0b
MD5 hash: ac4357e0fcb7a9b6cd5de1eba95da5c8
humanhash: early-october-foxtrot-moon
File name:ac4357e0fcb7a9b6cd5de1eba95da5c8
Download: download sample
Signature BitRAT
Create hunting rule
File size:3'941'888 bytes
First seen:2021-06-24 02:56:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 71955ccbbcbb24efa9f89785e7cce225 (57 x BitRAT)
ssdeep 49152:gXUIEeZzdeh/c7p1rNdd+JNEj0ykdj21x1YhFlX4bA/Hg/11VzeLG/7wqNKB2VIq:gXrEeZzdhjuV/gd1VzsGUqNKTHvQekR
Threatray 237 similar samples on MalwareBazaar
TLSH 6306CF02FA41C562D2670230E9AE77BE057CF5344B2085C3B3946E6859B66D17A3BF3B
Reporter zbetcheckin
Tags:32 BitRAT exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ac4357e0fcb7a9b6cd5de1eba95da5c8
Verdict:
Malicious activity
Analysis date:
2021-06-24 02:59:20 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/87c8ab27-b0a8-4dec-8322-165d59928cf0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Win.Malware.Mikey-9819889-0
Create hunting rule

ditekSHen.MALWARE.Win.Trojan.BitRAT.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
BitRAT
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d3af86f3-f90f-4529-a451-c4afdd29469e
Result
Threat name:
BitRAT Xmrig
Create hunting rule
Detection:
malicious
Classification:
troj.evad.mine
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/807107
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to hide a thread from the debugger
Contains functionality to inject code into remote processes
Creates files in alternative data streams (ADS)
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected BitRAT
Yara detected Xmrig cryptocurrency miner
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/85076096e4aedfd73ef4d9c0f44f79b0388bca1ea96978917dd0c5fcc7c87f77/
Threat name:
Win32.Backdoor.ParalaxRat
Create hunting rule
Status:
Malicious
First seen:
2021-06-22 02:11:36 UTC
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qudwbfxev3p5opxu3hapit3zwa4ixsq6vfuxrel52dc7zr6ip53q._file
Verdict:
malicious
Similar samples:
1e92ffaaee0217be3540c5a8e0b465d639008e15bb1335fc1aab14ef252f4072
BitRAT
405615def0f1ed392a6273ab7c23a2e5fc01bc2cb978b7f3f2040d4a3c57d37a
BitRAT
4cf44d352a41e3125ec55db9e83843e57a8a4345781fb7a4a8535935b0b87906
BitRAT
53592d15fc275a7c603b2c80baf9ca7d3e2f7eebe82ba8eca971ff1c005ab353
BitRAT
6110c332c287a7ac7fadde14aa3b69190a415e11f664f6746b461b589e0276cd
BitRAT
6387b0ded51410f864b093626cfa7e711c8885d6870996f8138de12ced45730c
BitRAT
6cd85d78caec047483007ee54b8f4cea13d29c648b7f4bd500ce199f360f1518
BitRAT
8f09e478721eecc723aa346c56541183c78bcaa6b97f08b8d33b84022881178a
BitRAT
dfeaef515d92681d5d23ace741b56e14ec71b9042427874c15ef2db030c47b95
BitRAT
e5aea3844b9f8f3811b6c3e3ff58e84793806b58da0064743235b7c6e476e624
BitRAT
+ 227 additional samples on MalwareBazaar
Result
Malware family:
bitrat
Create hunting rule
Score:
  10/10
Tags:
family:bitrat persistence
Link:
https://tria.ge/reports/210624-s6as2p811a/
Behaviour
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Unpacked files
SH256 hash:
85076096e4aedfd73ef4d9c0f44f79b0388bca1ea96978917dd0c5fcc7c87f77
MD5 hash:
ac4357e0fcb7a9b6cd5de1eba95da5c8
SHA1 hash:
719762da1d8184c311e33882f5b3186d09626d0b
Link:
https://www.unpac.me/results/b8336996-d009-4e96-b9c1-7482bd8a30c0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/85076096e4aedfd73ef4d9c0f44f79b0388bca1ea96978917dd0c5fcc7c87f77

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Email_stealer_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Email in files like avemaria
Rule name:MALWARE_Win_BitRAT
Create hunting rule
Author:ditekSHen
Description:Detects BitRAT RAT

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BitRAT

Executable exe 85076096e4aedfd73ef4d9c0f44f79b0388bca1ea96978917dd0c5fcc7c87f77

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1393383/

Comments