MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a724bc0aa0fe8122c3ff1d2d8c90e717c506f3aaea8060f89559250d4fe89ed1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a724bc0aa0fe8122c3ff1d2d8c90e717c506f3aaea8060f89559250d4fe89ed1
SHA3-384 hash: 1f859a16e35c1a512157d28f5fbf4defabaa1e2300bc936c7f713397f52af92a07e6ced3e31cda083fc51311438b81c1
SHA1 hash: d76d55a30598c374a838129d37eb3daf88086e1c
MD5 hash: 36397bf0c63e9245a2dedde34076846f
humanhash: six-timing-item-aspen
File name:SecuriteInfo.com.Trojan.DownLoader36.26524.23979.15656
Download: download sample
Signature BitRAT
Create hunting rule
File size:1'259'520 bytes
First seen:2020-12-18 20:39:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6ed4f5f04d62b18d96b26d6db7c18840 (225 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep 24576:SAgfcG8iZEX4ez/WDAJubSl60XAVWMDG3ocAaeaJ42YDR:S8G8iyP+k0SloVa3ocbeh2Y
Threatray 1'176 similar samples on MalwareBazaar
TLSH 9745338A398348B2F8D47239874B1D5BC201CEE145F6930593BAC1B3BE77B307A56D99
Reporter SecuriteInfoCom
Tags:BitRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
240
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.DownLoader36.26524.23979.15656
Verdict:
Suspicious activity
Analysis date:
2020-12-18 20:45:29 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5a9d7e82-baa9-4749-b3c1-6f10d3285ee9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
BitRAT
Create hunting rule
Link:
https://www.capesandbox.com/analysis/108504/
Detection(s):
PUA.Win.Packer.Upolyx-12
Create hunting rule

SecuriteInfo.com.Trojan.DownLoader36.26524.23979.15656.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Setting a global event handler
Connection attempt
Sending a UDP request
Setting a global event handler for the keyboard
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/566635
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to hide a thread from the debugger
Contains functionality to register a low level keyboard hook
Found Tor onion address
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a724bc0aa0fe8122c3ff1d2d8c90e717c506f3aaea8060f89559250d4fe89ed1/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2020-12-13 23:28:53 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0e9a8e1e1f0f33196b1870654b202801006eaf7867730b0e5fd67636496fd1fb
BitRAT
31799b95716aafede8ee3743c0a3976a4367f3e7ac946be7fab519a50b7dc067
BitRAT
3b547e3bd5f3040c824ea497f265bf355483cce29c4e059d16e04fba20325498
BitRAT
447cd37f4afcf90d9bc575a0a1911fec96f8eecce93b50a9a9f94d4f10c22ae4
BitRAT
5f0de90b56c2a20ae521297bc1e49d4fab727bd8deb62d2ef594930fb3b0d15e
BitRAT
6c8a5f43e07034d0545c60c137f96c6ab8da44cfd59a8654896c8f6c497aefad
BitRAT
6d01ee99d5c720b96cc5d8d468305ad87fd0cb0e3730fd907f74a27d13239a06
BitRAT
d8dbe0a74ff4d70f5633f8177f37c14cd1586d7a658ecf72d05f59261e8ad016
BitRAT
e68e5069b22531792a8eadd85b4fbdbdaf97ccc94bd25c1afb70ea7b23c93c1e
BitRAT
ee5ce848044843cd0ceeeab61270c15a35f571a9faca4daa9cc17b212dc753d9
BitRAT
+ 1'166 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/201218-narkz4x2b6/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
a724bc0aa0fe8122c3ff1d2d8c90e717c506f3aaea8060f89559250d4fe89ed1
MD5 hash:
36397bf0c63e9245a2dedde34076846f
SHA1 hash:
d76d55a30598c374a838129d37eb3daf88086e1c
Link:
https://www.unpac.me/results/361515ac-6f86-4503-8cf0-93cd37497efa/
SH256 hash:
dd047cf949e547b99caf046c7e3bdf27d62fa385f8e1aabf9afac1e2eedad678
MD5 hash:
4d363bd1cc5e804121840c2803a5ebce
SHA1 hash:
976465ec48edefc5c2895881e8ef35845b371df0
Link:
https://www.unpac.me/results/361515ac-6f86-4503-8cf0-93cd37497efa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Cryptor
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/a724bc0aa0fe8122c3ff1d2d8c90e717c506f3aaea8060f89559250d4fe89ed1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MALWARE_Win_BitRAT
Create hunting rule
Author:ditekSHen
Description:Detects BitRAT RAT
Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BitRAT

Executable exe a724bc0aa0fe8122c3ff1d2d8c90e717c506f3aaea8060f89559250d4fe89ed1

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/108504/
  
URLhaus
https://urlhaus.abuse.ch/url/928502/
  
Delivery method
Distributed via web download

Comments