MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bede48a0be57ee78bf73f856b572db712bfc01b9231cd2f62c9d84a32ea3a663. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bede48a0be57ee78bf73f856b572db712bfc01b9231cd2f62c9d84a32ea3a663
SHA3-384 hash: 6368c9437124ac541e837d70184e6cc3a9d697a47a01bd601a2d3e9516444227770e531f5a7f79b927f9c7c3b234085e
SHA1 hash: 79eff3c17f1e53b86bd2789618af6b7e2e709ba5
MD5 hash: 92c624a2f6c5c1e7352c6c9b186a6021
humanhash: winter-avocado-lactose-thirteen
File name:92c624a2f6c5c1e7352c6c9b186a6021.exe
Download: download sample
Signature BitRAT
Create hunting rule
File size:4'268'544 bytes
First seen:2021-03-06 06:49:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 98304:9jf48E96Px+sSK+zjcDWC5VWp0SY6XyRButwRD6vXO:C8E9o0XjcDWS4p0SDiqaJ6v+
Threatray 119 similar samples on MalwareBazaar
TLSH 741633BC3D1D2B4BE6EE08F64C41E31257769FA6B8C2CD862AA5718935D4BC28C4057B
Reporter abuse_ch
Tags:BitRAT exe geo ITA

Intelligence

File Origin
# of uploads :
1
# of downloads :
235
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
92c624a2f6c5c1e7352c6c9b186a6021.exe
Verdict:
No threats detected
Analysis date:
2021-03-06 06:52:22 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1a6e08fd-c6a6-47fa-aa98-0f77c2c56d4e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/122597/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
BitRAT Xmrig
Create hunting rule
Detection:
malicious
Classification:
troj.evad.mine
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/630453
Signature
Contains functionality to hide a thread from the debugger
Hides threads from debuggers
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected BitRAT
Yara detected Xmrig cryptocurrency miner
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bede48a0be57ee78bf73f856b572db712bfc01b9231cd2f62c9d84a32ea3a663/
Threat name:
ByteCode-MSIL.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-03-06 04:03:42 UTC
AV detection:
17 of 28 (60.71%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
360dc7aa2889b1ed05b553eccab73348de2fae89cd7742e64422712298b670ca
BitRAT
5dfd85a1c9a3b450d9aa14d3ea0a6bac9db88623004e5e6d7b40e7ab3b17cd31
BitRAT
6c2a2251861a6d2701814843fadac940cf4d34db9f446f0698352fd866b31739
BitRAT
7277f1d3ddf844d18b2b0f95b620c8617736ad6703234fee2cb46299590180fe
BitRAT
a52ed9486d2ccdf0a9e29fe70ea7df8ddcb8bc06f9329664a310ae32d1308d6f
BitRAT
af05a9b5f7ed6483d7f10ea0e521e0a15fd90d224ca04a9665991ab630a54991
BitRAT
c18ee8f785af2b2aef01668ea83662281cb236af6b6405c65e01281635b20696
BitRAT
c482ebed5672bdbc0cca51b79bbb7babaa82a678142d981a7dd009ad813c20d7
BitRAT
d3f760c70906806de0a9911ab24a5824b3bfb8b3df312829c11c44fc85fa1dc8
BitRAT
db7619d7304cbb9c7ad4bf8c74836f241aecac1fda067f3ffadadf7ee6d44930
BitRAT
+ 109 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210306-4nwepmnh92/
Unpacked files
SH256 hash:
39f9855e34efddd49be31b9eb1b3d4043cfefaa1a09f16739e7c8579fbf0b100
MD5 hash:
f57c38937f18a417e27798aa43d50b21
SHA1 hash:
f918b4f56322f8208be8f77ef075038bf7a42c34
Link:
https://www.unpac.me/results/977a1f32-0175-45a4-88e7-efd351eb07aa/
SH256 hash:
f8b5b51efedb3e87493ac2439473564603cc3059d57956f209a7310e311a1027
MD5 hash:
d66f89bf838fb52ed59d311a99aea214
SHA1 hash:
342525c4aabbb92abf51459081d34ed0f1cdc965
Link:
https://www.unpac.me/results/977a1f32-0175-45a4-88e7-efd351eb07aa/
SH256 hash:
bede48a0be57ee78bf73f856b572db712bfc01b9231cd2f62c9d84a32ea3a663
MD5 hash:
92c624a2f6c5c1e7352c6c9b186a6021
SHA1 hash:
79eff3c17f1e53b86bd2789618af6b7e2e709ba5
Link:
https://www.unpac.me/results/977a1f32-0175-45a4-88e7-efd351eb07aa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bede48a0be57ee78bf73f856b572db712bfc01b9231cd2f62c9d84a32ea3a663

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/122597/

Comments