MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f12d89e8dea898be08de4b406e285e38531b18bffb9d3544206fe19d566b447. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BitRAT


Vendor detections: 3



SHA256 hash: 9f12d89e8dea898be08de4b406e285e38531b18bffb9d3544206fe19d566b447
SHA3-384 hash: 8413e3be36810ca4a44b6b855d1e022f444ab2ad9c4cc4384155295df486f941ed9531e98d4e5ff25bffadf18f11aa5f
SHA1 hash: 45683b53883c686a1d056a62e9aaa48ba01d6d85
MD5 hash: 15b3dc32b12d43e68ad8f0c166395f6e
humanhash: pennsylvania-salami-freddie-twenty
File name: Receipt.rar
Signature: BitRAT
File size: 557'076 bytes
First seen: 2020-10-27 09:28:35 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:q20MjM+bsBMKQEMm1aF63ok7i0DqwIwdjq8sVDBy70VVoJVWlOHojZwOvvjmONKy:H4GXXwj6yUoJVSkoj9q6euSM
TLSH: 32C4236E904C6047A6E200AF8CD6B8BDF54FE2B5584BCB4E1A72C980F45D663D78C74E
Reporter: abuse_ch
Tags: BitRAT, rar


abuse_ch
Malspam distributing BitRAT:

HELO: slot0.alerti.xyz
Sending IP: 142.11.194.235
From: Rose Robert <postmaster@alerti.xyz>
Subject: Credit Card Payment Receipt
Attachment: Receipt.rar (contains "Receipt.exe")

BitRAT payload URL:
http://blindlemmingchiffon.net/lyrics/99.exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-10-26 15:58:36 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BitRAT

rar 9f12d89e8dea898be08de4b406e285e38531b18bffb9d3544206fe19d566b447 (this sample)
Dropping: BitRAT
Delivery method: Distributed via e-mail attachment
