MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d29afef54ac3613e77a1b7f848d009916c84e2deaf1507a372d051a62fa07192. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BitRAT

Vendor detections: 4

SHA256 hash: d29afef54ac3613e77a1b7f848d009916c84e2deaf1507a372d051a62fa07192
SHA3-384 hash: c0c5d2eb687d8a3fbae9b955ce1b40ffda71ae9b51fa13899178ddc9fe890cce4252add211b16ed9c3044b1a61091229
SHA1 hash: 053e8f963395908bf5ed8106c8084df51b462864
MD5 hash: e052c88f3f71cd5b2605a116fc3a1251
humanhash: muppet-network-skylark-echo
File name: DHL detail.img
Signature: BitRAT
File size: 2'162'688 bytes
First seen: 2020-12-24 16:35:17 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 49152:GgB+B+4zZ7T1Idhpb+//MUMM8VXuqHJ7djLnT1M6:hK+UvidQaz7JLnpM
TLSH: 34A5335A576D8F28C2079FF607FF88B86A0D0453078971BBF29D2C10DAF3AC9DA55249
Reporter: abuse_ch
Tags: BitRAT img RAT


abuse_ch
Malspam distributing BitRAT:

HELO: geetoolsmtp4.wickcz3wjevexd0kwxo5mu0d1a.yx.internal.cloudapp.net
Sending IP: 13.78.174.70
From: DHL Customer Service <customer@dhl.com>
Subject: DHL - Pending delivery
Attachment: DHL detail.img (contains "DHL detail.exe")

BitRAT C2:
bitrat.nsupdate.info

Intelligence

File Origin
# of uploads: 1
# of downloads: 717
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-12-24 16:36:06 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
BitRAT
img d29afef54ac3613e77a1b7f848d009916c84e2deaf1507a372d051a62fa07192 (this sample)
Dropping: BitRAT
Delivery method: Distributed via e-mail attachment

Comments