MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d15e5cb8c5018f0367bc8e359ab8e519eaa89bbf19f70d61ca7048d75841249. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BitRAT

Vendor detections: 4

SHA256 hash: 9d15e5cb8c5018f0367bc8e359ab8e519eaa89bbf19f70d61ca7048d75841249
SHA3-384 hash: f8bd81c3e660efe1b25e9eae76d31f8f17f1a33a921e9c084be847fc8b7a39c21f189c24fea0cb55dc466a3ac27a502b
SHA1 hash: 8a04016b5a2c4a5b76df5338155298abf0435c25
MD5 hash: 5230b1b23eb54428f088d5247c15fc47
humanhash: montana-football-solar-neptune
File name: PO 200068913.lzh
Signature: BitRAT
File size: 2'837'750 bytes
First seen: 2020-10-23 12:13:06 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 49152:ipc+FIF2BIYoCRhHXAjmthIZd+6DY1O4pBsk7fy9acc7tvAuuv8QG:6caIWHomHImthaV4pBskfccZH
TLSH: FDD53399E7C055F8C12FF74E12E0CAF5AAAF96645044293D483BD7EBDB0F240A58D932
Reporter: abuse_ch
Tags: BitRAT lzh RAT


abuse_ch
Malspam distributing BitRAT:

HELO: slot0.85xainji.com
Sending IP: 45.145.185.142
From: Sofia Senserini <office@85xainji.com>
Subject: NBG#17 order
Attachment: PO 200068913.lzh (contains "PO 200068914 LACA TRADE I-SCHRODER KG GMBH&Co.exe")

BitRAT C2:
servr.superbanifabused1.xyz

Intelligence

File Origin
# of uploads: 1
# of downloads: 119
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-23 12:02:46 UTC
AV detection: 16 of 28 (57.14%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: BitRAT
rar 9d15e5cb8c5018f0367bc8e359ab8e519eaa89bbf19f70d61ca7048d75841249 (this sample)
Dropping: BitRAT
Delivery method: Distributed via e-mail attachment