MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b84795be05902d97864db422dbdc3b93f6729aabd167195ac3a175d984d73ff7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 11


Intelligence 11 IOCs 1 YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b84795be05902d97864db422dbdc3b93f6729aabd167195ac3a175d984d73ff7
SHA3-384 hash: 11f68f1a3e67733286c675a01e034c569ce3bf35b77c41c399c4c7f08877bfdecbcaa641326301cd2a1c113db7f71eab
SHA1 hash: b5a28cdd046332d59bffb04410b6a64c1ddf84b5
MD5 hash: ef708b8de852fcb8255e5e8fcdf422b1
humanhash: xray-west-equal-golf
File name:B84795BE05902D97864DB422DBDC3B93F6729AABD1671.exe
Download: download sample
Signature BitRAT
Create hunting rule
File size:3'943'424 bytes
First seen:2021-09-02 17:21:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 71955ccbbcbb24efa9f89785e7cce225 (57 x BitRAT)
ssdeep 98304:877Pmq33rE/JDLPWZADUGer7B6iY74M/mmlwXVZaFB:K+R/eZADUXR
Threatray 459 similar samples on MalwareBazaar
TLSH T16606CF02FA46C562D2170230E96E77BE053CF9354B2085C3B3946E6859B66D17A3BF3B
Reporter abuse_ch
Tags:BitRAT exe RAT


Avatar
abuse_ch
BitRAT C2:
194.163.152.240:4898

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
194.163.152.240:4898 https://threatfox.abuse.ch/ioc/213966/

Intelligence

File Origin
# of uploads :
1
# of downloads :
132
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
B84795BE05902D97864DB422DBDC3B93F6729AABD1671.exe
Verdict:
Malicious activity
Analysis date:
2021-09-02 17:27:21 UTC
Tags:
trojan bitrat rat
Link:
https://app.any.run/tasks/47a7d90e-3788-4972-a37e-bac54bf1f956

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
BitRAT
Create hunting rule
Link:
https://www.capesandbox.com/analysis/184862/
Detection(s):
Win.Malware.Mikey-9819889-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Setting a global event handler
Connection attempt
Sending a custom TCP request
Sending a UDP request
Setting a global event handler for the keyboard
Malware family:
BitRAT
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/34517208-da80-4c0d-b605-dbc5901c6b09
Result
Threat name:
BitRAT
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/844214
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Found malware configuration
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected BitRAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b84795be05902d97864db422dbdc3b93f6729aabd167195ac3a175d984d73ff7/
Threat name:
Win32.Backdoor.ParalaxRat
Create hunting rule
Status:
Malicious
First seen:
2021-08-28 06:08:00 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xbdzlpqfsawzpbsnwqrnxxb3sp3hfgvl2ftrswwduf25tbgxh73q._file
Verdict:
malicious
Similar samples:
03957e1a76e380308206465031a99a1db9e7afce4b82e021f0f8f94888b791b2
BitRAT
0b6efdd0f3f4dddee58af21631051999c5e9d7968a3ba2e7a34388c42375a457
BitRAT
0eaeab189b978e9babdb4324c22d4bb708e3b33c0016f52e37aa66efae4a310e
BitRAT
185d25898a718d3e3ff6d12a3ad18f12734c73859ed4ff1993ce1e4a011485f2
BitRAT
2dfe2bfefe91c1209836e4017cb2a3bb001a6de6314545f8a8eb6794a2adc204
BitRAT
4bddc1b65b7a24af3d24bddcd3722811775f3f98a65fbc433c762e1615af28c1
BitRAT
6e2510a76f130a0a009432183ed26d35d328cf34e8b4c9655327a9a8a89b8dd7
BitRAT
b4f128cdd69eb21d1de98b00303e01258993fe7fba7467aa8ab642df03ffd890
BitRAT
c3e53e28198dfe92caa7b46355f543dd18c0353ef42f2e28862682a79e863735
BitRAT
+ 449 additional samples on MalwareBazaar
Result
Malware family:
bitrat
Create hunting rule
Score:
  10/10
Tags:
family:bitrat suricata
Link:
https://tria.ge/reports/210902-vxj38aeafr/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Unpacked files
SH256 hash:
b84795be05902d97864db422dbdc3b93f6729aabd167195ac3a175d984d73ff7
MD5 hash:
ef708b8de852fcb8255e5e8fcdf422b1
SHA1 hash:
b5a28cdd046332d59bffb04410b6a64c1ddf84b5
Link:
https://www.unpac.me/results/c7fbcb05-8142-43d8-b667-59cf3f6688ca/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b84795be05902d97864db422dbdc3b93f6729aabd167195ac3a175d984d73ff7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MALWARE_Win_BitRAT
Create hunting rule
Author:ditekSHen
Description:Detects BitRAT RAT

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/184862/

Comments