MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c25d82bf6f681d61e79ed7d875b2b8f6d3145997e58699deb5f418e952c1f0ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



BitRAT


Vendor detections: 4



SHA256 hash: c25d82bf6f681d61e79ed7d875b2b8f6d3145997e58699deb5f418e952c1f0ad
SHA3-384 hash: 482c514724c5486eeb6513c64661666e30d8b0ae5022b3e36c7288baf63e82952d2b9f2b8a4574762305c627fd830a85
SHA1 hash: c632ae872c44b9f54c2cd72b40efe8985cde1127
MD5 hash: d7cd1c459267520060490d0ab5162142
humanhash: tango-zulu-crazy-low
File name: Payment_receipt.img
Signature: BitRAT
File size: 4'661'248 bytes
First seen: 2021-01-19 13:04:03 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 98304:aUnj6PEASk4gI/UqE2mCAc1XdZ2aRmPCBvfq:aU+PEZkFIMX2mbcrFBC
TLSH: EF2623816E44EE01D12D67B8C42AA9F472FEED45DA11D41F7C95FEBA3333946810EA32
Reporter: abuse_ch
Tags: BitRAT img RAT


abuse_ch
Malspam distributing BitRAT:

HELO: mxout.fullmarket-4.vautronserver.de
Sending IP: 151.252.48.227
From: Accounts Payable - Rinaldi <finance@chalet-almhuette.at>
Reply-To: z0ais@newpacifis.com
Subject: Re:Re:Re: Payment processed (Overdues)
Attachment: Payment_receipt.img (contains "Payment Confirmation Paper - Customer Copy_pdf.exe")

BitRAT C2:
195.206.105.10:3988
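
The attachment in the comment above is an ISO 9660 image (MIME type application/x-iso9660-image) carrying an executable whose name ends in "_pdf.exe". The following is an added example, not code from MalwareBazaar or abuse.ch: it parses the volume descriptor set and root directory of such an image, preferring the Joliet supplementary descriptor because that is where long names like "Payment Confirmation Paper - Customer Copy_pdf.exe" are stored, and flags entries that have an executable extension, start with an MZ header, or carry a decoy document extension just before the real one. build_test_image() fabricates a small two-file image in memory as constructed test data; EXEC_EXTENSIONS and DECOY_EXTENSIONS are illustrative lists chosen for this example, not taken from the page.

```python
# Added example: walk an ISO 9660 (.img/.iso) attachment and flag executables that hide
# behind a document-style name. build_test_image() fabricates a tiny image in memory so the
# parser runs offline; it is constructed test data, not the sample described on this page.
import re
import struct

SECTOR = 2048                                   # ISO 9660 logical block size
EXEC_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "lnk", "dll"}
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}

def _dir_record(name: bytes, lba: int, size: int, is_dir: bool) -> bytes:
    """ECMA-119 directory record: both-endian extent and size, flags (bit 1 = directory), identifier."""
    both = lambda fmt, v: struct.pack("<" + fmt, v) + struct.pack(">" + fmt, v)   # both-endian field
    body = (b"\x00" + both("I", lba) + both("I", size) + bytes(7)          # ext-attr len, extent, size, date
            + bytes([2 if is_dir else 0]) + b"\x00\x00" + both("H", 1)     # flags, unit/gap, volume seq
            + bytes([len(name)]) + name)
    body += b"\x00" if len(name) % 2 == 0 else b""                         # records have even length
    return bytes([len(body) + 1]) + body

def _volume_descriptor(vd_type: int, root_rec: bytes, escape: bytes = b"") -> bytes:
    vd = bytearray(SECTOR)
    vd[0], vd[1:6], vd[6] = vd_type, b"CD001", 1
    vd[88:88 + len(escape)] = escape                             # Joliet escape sequence (SVD only)
    vd[156:156 + len(root_rec)] = root_rec                       # root directory record
    return bytes(vd)

def build_test_image(files: dict) -> bytes:
    """Constructed ISO 9660 image with a primary and a Joliet root directory (test data only)."""
    iso_root, joliet_root, next_lba, extents, payload = 19, 20, 21, [], b""
    for name, data in files.items():
        nsect = max(1, (len(data) + SECTOR - 1) // SECTOR)
        extents.append((name, next_lba, len(data)))
        payload += data + bytes(nsect * SECTOR - len(data))
        next_lba += nsect

    def root_dir(self_lba, encode):                              # one sector of directory records
        recs = _dir_record(b"\x00", self_lba, SECTOR, True) + _dir_record(b"\x01", self_lba, SECTOR, True)
        for name, lba, size in extents:
            recs += _dir_record(encode(name), lba, size, False)
        return recs + bytes(SECTOR - len(recs))

    primary = lambda n: re.sub(r"[^A-Z0-9.]", "_", n.upper())[:30].encode("ascii") + b";1"
    joliet = lambda n: (n + ";1").encode("utf-16-be")            # Joliet keeps the long name
    image = bytes(16 * SECTOR)                                                   # system area
    image += _volume_descriptor(1, _dir_record(b"\x00", iso_root, SECTOR, True))
    image += _volume_descriptor(2, _dir_record(b"\x00", joliet_root, SECTOR, True), b"%/E")
    image += _volume_descriptor(255, b"")                                        # set terminator
    return image + root_dir(iso_root, primary) + root_dir(joliet_root, joliet) + payload

def _walk(image: bytes, lba: int, size: int, ucs2: bool, prefix: str = ""):
    data, off = image[lba * SECTOR:lba * SECTOR + size], 0
    while off < len(data):
        rec_len = data[off]
        if rec_len == 0:                                 # zero fill: records never straddle sectors
            off = (off // SECTOR + 1) * SECTOR
            continue
        rec, off = data[off:off + rec_len], off + rec_len
        ident = rec[33:33 + rec[32]]
        if ident in (b"\x00", b"\x01"):                  # "." and ".." entries
            continue
        name = ident.decode("utf-16-be" if ucs2 else "ascii").split(";")[0]
        ext_lba, ext_size = struct.unpack_from("<I", rec, 2)[0], struct.unpack_from("<I", rec, 10)[0]
        if rec[25] & 2:                                  # subdirectory: recurse
            yield from _walk(image, ext_lba, ext_size, ucs2, prefix + name + "/")
        else:
            yield prefix + name, ext_lba, ext_size

def list_iso_files(image: bytes) -> list:
    """Return (path, lba, size) for every file, preferring the Joliet tree that carries long names."""
    root, ucs2, sector = None, False, 16
    while True:
        vd = image[sector * SECTOR:(sector + 1) * SECTOR]
        if len(vd) < SECTOR or vd[1:6] != b"CD001":
            raise ValueError("not an ISO 9660 image (no CD001 descriptor)")
        if vd[0] == 255:                                 # volume descriptor set terminator
            break
        if vd[0] == 1 and root is None:
            root = vd[156:190]
        elif vd[0] == 2 and vd[88:91] in (b"%/@", b"%/C", b"%/E"):
            root, ucs2 = vd[156:190], True
        sector += 1
    if root is None:
        raise ValueError("no primary volume descriptor")
    lba, size = struct.unpack_from("<I", root, 2)[0], struct.unpack_from("<I", root, 10)[0]
    return list(_walk(image, lba, size, ucs2))

def suspicious_entries(image: bytes) -> list:
    """Flag executables, especially ones whose name ends in a document extension before the real one."""
    findings = []
    for path, lba, size in list_iso_files(image):
        stem, _, ext = path.rsplit("/", 1)[-1].lower().rpartition(".")
        reasons = []
        if ext in EXEC_EXTENSIONS:
            reasons.append(f"executable extension .{ext}")
            if image[lba * SECTOR:lba * SECTOR + 2] == b"MZ":
                reasons.append("MZ header")
            decoy = re.split(r"[^a-z0-9]+", stem)[-1]
            if decoy in DECOY_EXTENSIONS:
                reasons.append(f"decoy '{decoy}' before real extension")
        if reasons:
            findings.append((path, size, reasons))
    return findings
```

To triage a real attachment, call suspicious_entries(open("Payment_receipt.img", "rb").read()) and act on the returned (path, size, reasons) tuples. The parser follows only the basic ISO 9660 layout plus Joliet; it ignores Rock Ridge, so a long name recorded only in a Rock Ridge extension would show up in its short primary form, which is why the decoy-extension check should be read alongside the MZ-header check rather than on its own.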

Intelligence

File Origin
# of uploads: 1
# of downloads: 154
Origin country: n/a

Vendor Threat Intelligence
Verdict: MALICIOUS
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-01-19 13:04:18 UTC
AV detection: 2 of 46 (4.35%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  BitRAT
    img c25d82bf6f681d61e79ed7d875b2b8f6d3145997e58699deb5f418e952c1f0ad (this sample)
      Dropping: BitRAT

Delivery method: Distributed via e-mail attachment
