MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8992ba0ccdfcbe95e47873465bb28cb3f007b2159cfc422e724f07580bc30b37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BitRAT

Vendor detections: 4

SHA256 hash: 8992ba0ccdfcbe95e47873465bb28cb3f007b2159cfc422e724f07580bc30b37
SHA3-384 hash: 6c6ad9978464359ee3814100a98464f156ffb59ca1c604022d6f472da5872f9a96adf8cc3718abdb58d96449f8588b9c
SHA1 hash: cd8397f2879bf9539282125a69e8926672eb0003
MD5 hash: 153c0eec043572b4504f6025bcca7324
humanhash: quiet-magazine-helium-music
File name: Shipping_Details.iso
Signature: BitRAT
File size: 1'769'472 bytes
First seen: 2020-11-18 12:14:00 UTC
Last seen: 2020-11-18 12:15:50 UTC
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:zVRBd2mRUfVk/x8JJdv5F14bGo2CPHhsn6q/FoF:zVRBdEG/6JdB74bGH16+F
TLSH: 798518BC361075DFC95BCC76CAA82C64AE60287B970BD203A01715EDAA1DA97DF141F3
Reporter: abuse_ch
Tags: BitRAT DHL iso RAT


abuse_ch
Malspam distributing BitRAT:

HELO: smtp15
Sending IP: 138.91.89.223
From: DHL Customer Service <admin@dhl.com>
Subject: DHL - Pending delivery
Attachment: Shipping_Details.iso (contains "Shipping_Details.exe")

BitRAT C2:
23.105.131.165:8094

Intelligence

File Origin
# of uploads: 2
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-18 11:38:48 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
BitRAT
iso 8992ba0ccdfcbe95e47873465bb28cb3f007b2159cfc422e724f07580bc30b37 (this sample)
Dropping: BitRAT
Delivery method: Distributed via e-mail attachment
