MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d71887fd5dbef4c1eaa0462c508d9415722dbdb92f4b835edbae7249acc36fdb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


BitRAT


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d71887fd5dbef4c1eaa0462c508d9415722dbdb92f4b835edbae7249acc36fdb
SHA3-384 hash: 813a674830519fad71e791b2294a64c8e8537900aa2fae7ff08222d46dd37639efbb09c1194de15990ae55d8abbfb01b
SHA1 hash: e265e0e50537e9439d88c07012a3da448fb9c5b0
MD5 hash: d7b34cfb757e6dd1d4f7c9993775ce7c
humanhash: india-london-twelve-muppet
File name:Xerox02-02-2021.Pdf.jpg.img
Download: download sample
Signature BitRAT
Create hunting rule
File size:1'245'184 bytes
First seen:2021-02-02 09:43:28 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 3072:CiXNVAkvnW/ZxsoYnb9mXCJgJFREE7eARvlid0PpQLXD:CiXNVACnuxsoib9mXCJa8LX
TLSH BE45C58192084A51F679A731B23251237BB11CD6BDF74E1DB8DD368336F26832E9294F
Reporter abuse_ch
Tags:BitRAT img RAT


Avatar
abuse_ch
Malspam distributing BitRAT:

HELO: rdns0.private-online-ehnational.com
Sending IP: 139.28.36.119
From: Sukru Yildiz <vinipihsa@gmail.com>
Subject: PROFORMA
Attachment: Xerox02-02-2021.Pdf.jpg.img (contains "Xerox02-02-2021.scr")

BitRAT C2:
jegebit.duckdns.org

Intelligence

File Origin
# of uploads :
1
# of downloads :
130
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.MSIL.Abuja.2.26138.28922.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d71887fd5dbef4c1eaa0462c508d9415722dbdb92f4b835edbae7249acc36fdb/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-02 09:44:14 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=24mip7k5x32md2vaiywfbdmucvzc3pnzf5fygxw3vzzetlgdn7nq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/d71887fd5dbef4c1eaa0462c508d9415722dbdb92f4b835edbae7249acc36fdb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

BitRAT

img d71887fd5dbef4c1eaa0462c508d9415722dbdb92f4b835edbae7249acc36fdb

(this sample)

BitRAT

Executable exe 79e6d1b262a31a2619284f38b059e266d0fa27109c9b1f4fc9100aa6bb619e05

  
Dropping
MD5 5f429fd9ac05e54b53fc1d2c9336230a
  
Dropping
BitRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 79e6d1b262a31a2619284f38b059e266d0fa27109c9b1f4fc9100aa6bb619e05

Comments