MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87d9e33fdf9dd0c6019a6d25fc16abebafea0b49aad69ef2deff5a5ca61ead78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BitRAT


Vendor detections: 4



SHA256 hash: 87d9e33fdf9dd0c6019a6d25fc16abebafea0b49aad69ef2deff5a5ca61ead78
SHA3-384 hash: 1394c65d73161f42aaad36b07a2be96815582af7cee341f0146a35e5465fb7f959b075540110745566a446135044d81b
SHA1 hash: 540840494da34535a6e36e9ff175c8f8538c8f2e
MD5 hash: 33bdddfe75b179f0e9728116226fbe4b
humanhash: summer-lima-blossom-florida
File name: INVOICE98773ORDER.rar
Signature: BitRAT
File size: 2'279'894 bytes
First seen: 2021-03-08 15:04:24 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 49152:L9wqbZmRfhQzvRCZ985iiEdhiysFew8IicGHzyia81+w:L6iZmozvIo5iiYy3GHo2+w
TLSH: 78B533B2949952AF6CD3D3F30A2711647279031B2DE1E32B6E8A02FC35BC7295D15B36
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: server2.intuya.com
Sending IP: 81.169.192.7
From: ALIMENTOS MURCIA <info@alimurcia.com>
Subject: PROFORM INVOICE
Attachment: INVOICE98773ORDER.rar (contains "INVOICE98773ORDER.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 96
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-03-08 12:44:18 UTC
AV detection: 13 of 28 (46.43%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BitRAT

rar 87d9e33fdf9dd0c6019a6d25fc16abebafea0b49aad69ef2deff5a5ca61ead78 (this sample)

Delivery method: Distributed via e-mail attachment