MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96f69fe5148b0838909afe927aa280b4919b7f12b1593ed4a461de49fa725b1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 96f69fe5148b0838909afe927aa280b4919b7f12b1593ed4a461de49fa725b1b
SHA3-384 hash: 37cd01984ada4e118250f44d810e143bba3ebd255c244770f2b58cd2010f4e4656e1bfab5e5ecb9e253d192fb9d14bbe
SHA1 hash: d452b2446af45672a4eead7e7d7e8f8852f93d4d
MD5 hash: efe153e2ce91531934c603d42a162eac
humanhash: quebec-mike-ink-nevada
File name:efe153e2ce91531934c603d42a162eac.exe
Download: download sample
Signature BitRAT
Create hunting rule
File size:10'982'248 bytes
First seen:2021-09-30 05:32:28 UTC
Last seen:2021-09-30 21:32:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0ab020de3096b6aafb4fadfac4d16825 (16 x CryptBot, 3 x ArkeiStealer, 3 x LockBit)
ssdeep 196608:b+gqLKB2pZczbhm+J+3yNigQfsPt5qWPNOkq6gUnGT3XY/2inKSP4XMp:b+jOB2pKpmc+3EQfrWckqdUGrXY/xnK6
Threatray 538 similar samples on MalwareBazaar
TLSH T105B60230768BC42BD5A605B15A3CDB9F5128BFB60F6250C7A3E42EAE54B48C35731E27
File icon (PE):PE icon
dhash icon 6ded69c7b130b2c0 (12 x CryptBot, 8 x ValleyRAT, 4 x NetSupport)
Reporter abuse_ch
Tags:BitRAT exe RAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
138
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
efe153e2ce91531934c603d42a162eac.exe
Verdict:
Malicious activity
Analysis date:
2021-09-30 05:34:01 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/47ce2223-010b-4b9d-a1bf-a24ef8740f6c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/193312/
Detection(s):
SecuriteInfo.com.Win32.Kryptik.HMRG.21641.4765.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/c3c6833d-bb67-4b94-a13a-7640d3133be2
Result
Threat name:
BitRAT
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/861526
Signature
C2 URLs / IPs found in malware configuration
Creates files in alternative data streams (ADS)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Hides threads from debuggers
Multi AV Scanner detection for dropped file
PE file has a writeable .text section
Yara detected BitRAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/96f69fe5148b0838909afe927aa280b4919b7f12b1593ed4a461de49fa725b1b/
Threat name:
Win32.Spyware.Solmyr
Create hunting rule
Status:
Malicious
First seen:
2021-09-30 05:33:46 UTC
AV detection:
5 of 45 (11.11%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=s33j7ziurmedree272jhviuawsizw7yswfmt5vfemhpet6tslmnq._file
Verdict:
malicious
Similar samples:
3555826df75751600d127b343a3214a0f9b4c211b1fdcdf9ccceb1dda6be5f27
BitRAT
38b2cd6c40791c11a2cdb5f2c31f2304175a202e11e25bfcc87ed914e6bf5902
BitRAT
42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3
BitRAT
4f2ada4fba44e50c0c23762724b98dcd98d54340ace84ea1493358987c3dfebd
BitRAT
57e2f9ee6aaad4097ac2b1151fe1cf9546c8fbc470670b73c8039285f4fd4db5
BitRAT
73c1188d93bd4318a830cb6d891aae7580a61c396ce37ba3676a321bbd3a137e
BitRAT
e045b4a1c9f6640814f6e39903e1f03f2c7f1e3b3d1c6dbf07a409732655eff4
BitRAT
ec5e384e2dc1a77a23eaf3130d6fe73abf081fa7433e0d67295926943813a2c9
BitRAT
+ 528 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210930-f8wh3agee8/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates connected drives
Drops startup file
Loads dropped DLL
Blocklisted process makes network request
Executes dropped EXE
Unpacked files
SH256 hash:
96f69fe5148b0838909afe927aa280b4919b7f12b1593ed4a461de49fa725b1b
MD5 hash:
efe153e2ce91531934c603d42a162eac
SHA1 hash:
d452b2446af45672a4eead7e7d7e8f8852f93d4d
Link:
https://www.unpac.me/results/afe47719-94cc-43de-8403-6118815f0fef/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/96f69fe5148b0838909afe927aa280b4919b7f12b1593ed4a461de49fa725b1b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/193312/

Comments