MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c18ee8f785af2b2aef01668ea83662281cb236af6b6405c65e01281635b20696. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c18ee8f785af2b2aef01668ea83662281cb236af6b6405c65e01281635b20696
SHA3-384 hash: b8ba4c6783a98e62be9090366f99ac80f770bd55ccb234d0b4fe94f0ca2a2917d6687c61acddcbf412e187c639679f7e
SHA1 hash: 2e10cc133a71beeb4007ba9521aaa98caea92687
MD5 hash: 403debe0f6de85a73b3871a7acdae1a4
humanhash: lithium-spring-xray-lamp
File name:SecuriteInfo.com.Trojan.GenericKD.45785269.16982.17549
Download: download sample
Signature BitRAT
Create hunting rule
File size:4'098'048 bytes
First seen:2021-02-26 13:07:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 98304:0yugfGe4WNvQ3OEsOEpRDnnFSV4HL+5ICo3USR8GLfvGA4nYuhr:duUGjODUshv3Uo86vGt
Threatray 122 similar samples on MalwareBazaar
TLSH D51633A2046B5B16E61C0BF553F45A80136D2B3D87A6D20C8D87E1DFA1A2FB6BD1E503
Reporter SecuriteInfoCom
Tags:BitRAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
118
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.GenericKD.45785269.16982.17549
Verdict:
No threats detected
Analysis date:
2021-02-26 13:20:08 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f12911f9-cb45-47ac-bdd1-b8f705f6a06c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/119408/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.45785269.16982.17549.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
BitRAT Xmrig
Create hunting rule
Detection:
malicious
Classification:
troj.evad.mine
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/619672
Signature
.NET source code contains potential unpacker
Contains functionality to hide a thread from the debugger
Contains functionality to inject code into remote processes
Hides threads from debuggers
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected BitRAT
Yara detected Xmrig cryptocurrency miner
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c18ee8f785af2b2aef01668ea83662281cb236af6b6405c65e01281635b20696/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-25 18:00:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
40
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
205f2ef71a4a099b8cac6b0df7be7d04f5ca0c65e31fb1c00158f656cf2785c3
BitRAT
41c7c097e85a0c9ee40d1d92cd47bfff9fdb5752532a21e15c142fa3591eb7b3
BitRAT
536f49c24a3c4a3c28f7aea69652dd18d4f158a03589fd0c70993fbe86881309
BitRAT
61421dae61a8c104b25cb3a59ccb1f07e783e4def536575e444d0c74291e63ce
BitRAT
62ed61971c25cdb6b20b7408c0047a33c431c1ef636184fdf5dbaf979319edaf
BitRAT
79562d8eedb874a33326581e124fa4c43cb24a4eb82bcadcc15502c5040bda44
BitRAT
8da32ea516feb3bc471ba01ed18cb0aca1a9f39966c86ca4624dd2cea2e226cd
BitRAT
98a4aad3557b1ce781c3d2369b9823fdc1fb902643f923c73b5ca42c84ca25f7
BitRAT
b67ab8fb362ddb271c827e44adf17bddb3c67f5d49c9d67c60797b04967c8442
BitRAT
ce76fc43c1ae2fc7d499a24d0d93b8ffae25e9d3ef6d6c8086e54ffd0d29ff31
BitRAT
+ 112 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210226-kj3qst6l3a/
Unpacked files
SH256 hash:
f0a09c48af16c079c37ad0914f18897976357981fe5ee6f556ab9f9f70b9a671
MD5 hash:
f984a71581f6da5732110be2a569a392
SHA1 hash:
10de05b6b35fc5dbc00c42d59a4b850bcaae01e6
Link:
https://www.unpac.me/results/2f2a40fb-9365-41fe-8e3a-d8179ad914d3/
SH256 hash:
8fdcfcd5349b5e8f8c06ed1e68e039041f7821ceda93717cea669d948978e804
MD5 hash:
4583ee68737f7e8ffb004ca7f6496793
SHA1 hash:
26d8ef6b0455b001f640b4c2c92d0cf245d5110c
Link:
https://www.unpac.me/results/2f2a40fb-9365-41fe-8e3a-d8179ad914d3/
SH256 hash:
c18ee8f785af2b2aef01668ea83662281cb236af6b6405c65e01281635b20696
MD5 hash:
403debe0f6de85a73b3871a7acdae1a4
SHA1 hash:
2e10cc133a71beeb4007ba9521aaa98caea92687
Link:
https://www.unpac.me/results/2f2a40fb-9365-41fe-8e3a-d8179ad914d3/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BitRAT

Executable exe c18ee8f785af2b2aef01668ea83662281cb236af6b6405c65e01281635b20696

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/119408/
  
URLhaus
https://urlhaus.abuse.ch/url/1031314/
  
Delivery method
Distributed via web download

Comments