MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2d1a052d4cd07f027578dd283c71ff413b895682a31a79ccbaa0e71d57cb391. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d2d1a052d4cd07f027578dd283c71ff413b895682a31a79ccbaa0e71d57cb391
SHA3-384 hash: b58c1c2fa9a140987072ff364f619b643e9c4179f8a30df11bdf3bc6fed08142a101863508646c93c79fb200d2d49aad
SHA1 hash: 0a5379f4534ee9a8eced076d65c887d4ca758990
MD5 hash: b25631f122cad3b33796d92256fe9180
humanhash: carbon-magnesium-lamp-muppet
File name:111141141.exe
Download: download sample
Signature BitRAT
Create hunting rule
File size:1'592'832 bytes
First seen:2020-11-12 08:04:00 UTC
Last seen:2024-07-24 21:44:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6ed4f5f04d62b18d96b26d6db7c18840 (221 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep 49152:f++ajnIgwTVE/qoAMzaDSuyLNaN22WMe0znw:OIgwa/rAT+uyLCWXCw
Threatray 1'074 similar samples on MalwareBazaar
TLSH FA7533D244836ADAD7BA213F3054A89DCE4CD17964D3B6089FFEF6C49D3928B474610E
Reporter JoulK
Tags:BitRAT exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upolyx-12
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
DNS request
Setting a global event handler
Setting a global event handler for the keyboard
Connection attempt to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
BitRAT
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/532107
Signature
Hides threads from debuggers
Machine Learning detection for sample
Yara detected BitRAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d2d1a052d4cd07f027578dd283c71ff413b895682a31a79ccbaa0e71d57cb391/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2020-11-12 08:04:09 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2li2auwuzud7aj2xrxjihry76qj3rflifiy2phglvihhdvl4woiq._file
Verdict:
unknown
Similar samples:
069c2e6f7dbaf794feb28bc32d90db33d030b6169c3a21133f5ad5cadf081c1b
BitRAT
0e659c7f42d4e96e05821b1df99216e5887904ada083fd61c6f77b9628a7890c
BitRAT
389875d4c35ff8da276f122cb6b4ebd1b1d65ce5da5c05defefaf40c2609dbaf
BitRAT
4f8130693067523c153d09b000e48e744ca3b86388221a840349746ea6e561df
BitRAT
7910fea09618fde1ba6c2e3ea088de50109e685d20ae1c08df2f8b530fddd964
BitRAT
7e6dc9928e049d75cd726d8542b39cf46afef0cfd37c8dcb968ea618aedbb696
BitRAT
8ea8ef6c916a4559dde761c0373d4cd662af71e00140b6be6ddf38e3c2e38b76
BitRAT
ad5d194018074784d3a8ac9aa334d5b0b4c8ec9fe721ba7870ef054e29d4529d
BitRAT
bd5d3ebe6150f53c1535e1667a18bbd4831751a414e7518dc8e1d15a19db95b3
BitRAT
fee0b02e4e0358d8025fa74d2780dd557c2de871e03a82b3dd7aadaf451ea1a3
BitRAT
+ 1'064 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/201112-yqhzbfbjs2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SH256 hash:
d2d1a052d4cd07f027578dd283c71ff413b895682a31a79ccbaa0e71d57cb391
MD5 hash:
b25631f122cad3b33796d92256fe9180
SHA1 hash:
0a5379f4534ee9a8eced076d65c887d4ca758990
Link:
https://www.unpac.me/results/85d27eac-1727-44ae-ae0f-8f4f5b9a35ff/
SH256 hash:
7d70e81b2576704277259b05d37efbfd7bdbf37500d0eacc0e1ba44265ccf50b
MD5 hash:
701a5d3010528f9d5a04846f410c84e0
SHA1 hash:
3eda2c631393e25bdc7304737cd1a294e02ed170
Detections:
win_bit_rat_w0
Create hunting rule
Link:
https://www.unpac.me/results/85d27eac-1727-44ae-ae0f-8f4f5b9a35ff/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/
Rule name:win_bit_rat_w0
Create hunting rule
Author:KrabsOnSecurity
Description:String-based rule for detecting BitRAT malware payload

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

BitRAT

Executable exe d2d1a052d4cd07f027578dd283c71ff413b895682a31a79ccbaa0e71d57cb391

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/809996/

Comments