MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7eb8fd4518fa19a689921f9f49221a7ed2314f5bec6e16f1f7e68a0f4baff3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RatonRAT


Vendor detections: 14


Intelligence 14 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7eb8fd4518fa19a689921f9f49221a7ed2314f5bec6e16f1f7e68a0f4baff3a
SHA3-384 hash: ca024d74eba6826f5cb3cc16c7f7cfb3b42fb6c2bdae6756247d45b9b385c14e4a2ab7a145070c467b2f27c1a7aff873
SHA1 hash: d15e395f873566828e0ba3788c4175791d40224c
MD5 hash: 642dad23bdeeaa3f306b2dfd21918c0f
humanhash: montana-sixteen-tango-carpet
File name:IDEBootstrap.exe
Download: download sample
Signature RatonRAT
Create hunting rule
File size:3'003'600 bytes
First seen:2026-02-23 19:14:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b1c5b1beabd90d9fdabd1df0779ea832 (11 x CoinMiner, 10 x QuasarRAT, 8 x AsyncRAT)
ssdeep 49152:uDjlabwz94eGjp12dxwxelP0WncLKHB+EQMZCj0LGaIVupDMKnSOzYF+ccbswa9W:OqwKB91273lPXncLKHPZCXVBOzYb03aW
Threatray 291 similar samples on MalwareBazaar
TLSH T198D52309E7E909F8D4B3E53896578A03F77A3C4A0771968F23A5165B2F273D0DD2A321
TrID 37.0% (.EXE) Win64 Executable (generic) (6522/11/2)
28.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
11.5% (.EXE) OS/2 Executable (generic) (2029/13)
11.3% (.EXE) Generic Win/DOS Executable (2002/3)
11.3% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter abuse_ch
Tags:exe RAT ratonrat

Intelligence

File Origin
# of uploads :
1
# of downloads :
114
Origin country :
SE SE
Vendor Threat Intelligence
Malware configuration found for:
Archives
Details
Archives
SFX commands and extracted archive contents
Link:
https://research.acce.ciphertechsolutions.com/results/f921e60f-94ee-42a3-b025-1501653b024b/
Malware family:
n/a
ID:
1
File name:
IDEBootstrap.exe
Verdict:
No threats detected
Analysis date:
2026-02-22 15:52:08 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/89d1c285-b000-4307-9f35-8bc4a4323622

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/54327/
Detection(s):
SecuriteInfo.com.BackDoor.SpyBotNET.70.10646.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=699b26258fffa866e3b09ddc
Tags:
injection virus msil
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/c7eb8fd4518fa19a689921f9f49221a7ed2314f5bec6e16f1f7e68a0f4baff3a
Verdict:
Malicious
File Type:
exe x64
Detections:
Trojan-PSW.MSIL.Agent.sb Trojan.MSIL.Agent.sb HEUR:Exploit.MSIL.BypassUAC.gen Backdoor.MSIL.Crysan.d Trojan-PSW.Win32.Coins.sb Trojan-PSW.MSIL.Stealer.sb
Link:
https://opentip.kaspersky.com/c7eb8fd4518fa19a689921f9f49221a7ed2314f5bec6e16f1f7e68a0f4baff3a/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/af972a5e-08aa-4fc1-b068-bc4513a16f43
Result
Threat name:
n/a
Detection:
suspicious
Classification:
n/a
Score:
36 / 100
Link:
https://www.joesandbox.com/analysis/1873714
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
98%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/c7eb8fd4518fa19a689921f9f49221a7ed2314f5bec6e16f1f7e68a0f4baff3a
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c7eb8fd4518fa19a689921f9f49221a7ed2314f5bec6e16f1f7e68a0f4baff3a/
Verdict:
Malicious
Threat:
Trojan-PSW.MSIL.Crysan
Link:
https://tip.neiki.dev/file/c7eb8fd4518fa19a689921f9f49221a7ed2314f5bec6e16f1f7e68a0f4baff3a
Threat name:
ByteCode-MSIL.Trojan.Zilla
Create hunting rule
Status:
Malicious
First seen:
2026-02-22 15:52:07 UTC
File Type:
PE+ (Exe)
Extracted files:
50
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=y7vy7vcrr6qzu2ezeh47jerbu7wsgfhvx3doc3y7pzukb5f2745a._file
Verdict:
malicious
Label(s):
ratonrat
Create hunting rule
kamikakabot
Create hunting rule
Similar samples:
600f9eef7ce0bcc6b99df59168b94f997be9d8940627186478979961c9bccd4f
RatonRAT
7a7de01481722db7530391f19fffd16fa6fc7b358833aa1e86d22fbc99cce1a1
RatonRAT
7da7034e44451497d95f76aacfb0a6a78ea8c7c4f20668e627e6a00375d2eae5
RatonRAT
aca699200fdcfab5fb7393d94cc9ea50c746f4b6116e8808efb671c60fe9336b
RatonRAT
c7eb8fd4518fa19a689921f9f49221a7ed2314f5bec6e16f1f7e68a0f4baff3a
RatonRAT
ee1e4d3e39e4c7232021b0e3ed8004489ff56e8f80945c14b956bbbffadca7a5
RatonRAT
error
RatonRAT
+ 281 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260223-xydzpsfz7a/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
c7eb8fd4518fa19a689921f9f49221a7ed2314f5bec6e16f1f7e68a0f4baff3a
MD5 hash:
642dad23bdeeaa3f306b2dfd21918c0f
SHA1 hash:
d15e395f873566828e0ba3788c4175791d40224c
Link:
https://www.unpac.me/results/8f00be7b-6ad4-449d-93f7-c97d237a2054/
SH256 hash:
1374391dafd6262795243a58f9fb234be859d940683fe756c64692ca807f0478
MD5 hash:
5b96fb0d4e6453680da278f5b7e51a29
SHA1 hash:
3c96a29248fa3644de2c653a5d97c1e21b13a769
Link:
https://www.unpac.me/results/8f00be7b-6ad4-449d-93f7-c97d237a2054/
SH256 hash:
8474bf173e2238f5f2bea493e42f121371ef949b43bb94deefa92ccfbb7d4146
MD5 hash:
79b5f38db3757386eaf3206779d64120
SHA1 hash:
3699cada7221dfa233af4f0f958854cdd43eeef5
Link:
https://www.unpac.me/results/8f00be7b-6ad4-449d-93f7-c97d237a2054/
SH256 hash:
9033b1828b0eb7bcf35d7d2f79ca51ebaaf7ca3bdf329f557283ce4658175c59
MD5 hash:
c8d8904e03dbf90519fc0fa7337353d1
SHA1 hash:
1074fd6e084fcc5a34158964d94bd55a90f092ad
Detections:
cn_utf8_windows_terminal
Create hunting rule
INDICATOR_EXE_Packed_Fody
Create hunting rule
Link:
https://www.unpac.me/results/8f00be7b-6ad4-449d-93f7-c97d237a2054/
SH256 hash:
f86326eabbdff127a5abb9152a277d3b94e3d8cbcbab2e036bf6852412fe6739
MD5 hash:
ad3b3b40b5c4b32406f090c4762b0b14
SHA1 hash:
77f8d0b57d389e90978c24b30d31fa898a3f2bcb
Link:
https://www.unpac.me/results/8f00be7b-6ad4-449d-93f7-c97d237a2054/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c7eb8fd4518fa19a689921f9f49221a7ed2314f5bec6e16f1f7e68a0f4baff3a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SelfExtractingRAR
Create hunting rule
Author:Xavier Mertens
Description:Detects an SFX archive with automatic script execution
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/54327/

Comments