MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e64680fcc09a464e9c482987f8727df5d25ec4bbc312db6a51d557178f9ab17a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BitRAT

Vendor detections: 9

SHA256 hash: e64680fcc09a464e9c482987f8727df5d25ec4bbc312db6a51d557178f9ab17a
SHA3-384 hash: 77cba158ea87375142daf20e86925f99d6ce731bd16f70b2b332da2dfa6aef45862e76c1c19556e6bf3816750ab7d191
SHA1 hash: d140c9f54972d020ad513a9a6e88ebe6589e2cc2
MD5 hash: 5097ab66c01668d070e5e522a971a561
humanhash: missouri-leopard-moon-bravo
File name: 5097AB66C01668D070E5E522A971A561.exe
Signature: BitRAT
File size: 2'762'482 bytes
First seen: 2021-07-05 21:30:58 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3abe302b6d9a1256e6a915429af4ffd2 (277 x GuLoader, 38 x Formbook, 25 x Loki)
ssdeep: 49152:okNmYG3rYl6RRDDOg3puSiiCn6acMCCLJDsB1QJ0Mcjmjm67kW+:ok/6RFi9n6sNsBGFvm67h+
Threatray: 255 similar samples on MalwareBazaar
TLSH: 0AD533748565891BC729927D5AE8F97CBE4C9CC4F1D076864BF93ECB393BA20140E34A
Reporter: abuse_ch
Tags: BitRAT exe RAT

abuse_ch
BitRAT C2:
185.29.11.26:443

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: 185.29.11.26:443
ThreatFox reference: https://threatfox.abuse.ch/ioc/157639/

Intelligence

File Origin
# of uploads: 1
# of downloads: 171
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 5097AB66C01668D070E5E522A971A561.exe
Verdict: Malicious activity
Analysis date: 2021-07-05 21:32:52 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name:
Detection: malicious
Classification: troj.evad
Score: 88 / 100
Signature:
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Yara detected BitRAT
Behaviour
Behavior Graph:

Threat name: Win32.Spyware.Solmyr
Status: Malicious
First seen: 2021-07-03 07:41:38 UTC
AV detection: 13 of 29 (44.83%)
Threat level: 2/5

Result
Malware family:
Score: 10/10
Tags: family:bitrat trojan
Behaviour:
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
NSIS installer
Enumerates physical storage devices
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Loads dropped DLL
BitRAT
BitRAT Payload

Unpacked files
SHA256 hash: aee88b812edfe23dcae03c9019661509250ed150fc6d8645085b1aa99f46b172
MD5 hash: cdeb427bb033e7b94046f3cf76b37b7f
SHA1 hash: 11526eaaaa47a38740eb3a2a26a9e793f78524e0

SHA256 hash: c5f401569bca10252913cb7f35cc02244a0c49fa3a48e0de2ea0dac8e1f518a7
MD5 hash: bd5a994a03d58aa79bc565e003cf4a85
SHA1 hash: d1295c5782c4984ea26487ddc5a2276f28b90d4e

SHA256 hash: e64680fcc09a464e9c482987f8727df5d25ec4bbc312db6a51d557178f9ab17a
MD5 hash: 5097ab66c01668d070e5e522a971a561
SHA1 hash: d140c9f54972d020ad513a9a6e88ebe6589e2cc2

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments