MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab1712dbad9d26b882d4b619ae90b1293d4fca025916f04a2df4e6c2b5c20d4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BitRAT


Vendor detections: 3



SHA256 hash: ab1712dbad9d26b882d4b619ae90b1293d4fca025916f04a2df4e6c2b5c20d4d
SHA3-384 hash: 32f98af4ffbd5983b3a0ce01cf3c4982c510260ae2233222f6bd9126e60f5368ecbc822ef4034b014de859825bf9b08e
SHA1 hash: f6d648c085522aabaf969b3cb7bbd0ec75071a8f
MD5 hash: 84e2323a786e025d04d5279946d870c4
humanhash: tennessee-hotel-freddie-skylark
File name: Shipment Confirmation Paper.img
Signature: BitRAT
File size: 98'304 bytes
First seen: 2021-01-19 07:27:14 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:y6agqp1plgclXyQpWE0eoxXkT+dHRdQ6D2pO+4P8TFhxgRj6OmfSPZQDZ4tAbYsK:mdLl3GbzQ+UTFmwvMPVuW
TLSH: A5A3940437E8DB16E87D97F068B0605493B274AE2976E31D2DCA34DE0BB6F404A51F5B
Reporter: abuse_ch
Tags: BitRAT img RAT


abuse_ch
Malspam distributing BitRAT:

HELO: newpacifis.com
Sending IP: 62.173.149.238
From: Shipment Tracker Notice<z0ais@newpacifis.com>
Subject: Delivery Confirmation copy for victim-email
Attachment: Shipment Confirmation Paper.img (contains "Shipment ConfirmationPaper - Customer Copy_pdf.exe")

BitRAT C2:
195.206.105.10:3988

Intelligence


File Origin
# of uploads: 1
# of downloads: 160
Origin country: n/a
Vendor Threat Intelligence
Threat name: Binary.Trojan.Zmutzy
Status: Malicious
First seen: 2021-01-19 07:28:20 UTC
AV detection: 2 of 46 (4.35%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BitRAT

img ab1712dbad9d26b882d4b619ae90b1293d4fca025916f04a2df4e6c2b5c20d4d (this sample)

Dropping: BitRAT
Delivery method: Distributed via e-mail attachment
