MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f30cba9be2a7cf581939e7e7b958d5e0554265a685b3473947bf2c26679995d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BitRAT

Vendor detections: 5



SHA256 hash: f30cba9be2a7cf581939e7e7b958d5e0554265a685b3473947bf2c26679995d3
SHA3-384 hash: 2750dc4b4a01b53ee623fd253d6971a296460bf9259b0cf3a41f85fd5ac52df878ed9d16056f9a09df03fcd361b56026
SHA1 hash: 25c936c0b399b82ad39363f6237fd5db13369bda
MD5 hash: 37f9dc388fedc16b308acaadc34c2054
humanhash: aspen-white-nineteen-florida
File name: PS1.hta
Signature: BitRAT
File size: 3'450 bytes
First seen: 2022-01-20 14:53:12 UTC
Last seen: Never
File type: HTML Application (hta)
MIME type: text/html
ssdeep: 96:oadh1XsgdPeJdPxdP8dPudP/QdPfGj7dP2zRk/dPKQqdPgwj1P9SEnfcqjCUpYNE:oadhZsgdPmdPxdP8dPudP/QdPfKdP2y8
TLSH: T18D610D5DECA10A0CD226F437FA1AF3E4D3C55DA35269B8E41E9E7080626CA6DE44F5C3
Reporter: abuse_ch
Tags: BitRAT, hta, RAT


abuse_ch
BitRAT C2:
135.148.74.241:8080

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: 135.148.74.241:8080
ThreatFox reference: https://threatfox.abuse.ch/ioc/306723/

Intelligence


File Origin
# of uploads: 1
# of downloads: 182
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malicious
File Type: HTA File - Malicious
Payload URLs
URL: http://135.148.74.241/PS1_B.txt%27%3B%24
File name: HTA File

Result
Verdict: UNKNOWN
Threat name: Script-WScript.Downloader.Nemucod
Status: Malicious
First seen: 2022-01-20 14:54:07 UTC
File Type: Text
AV detection: 13 of 27 (48.15%)
Threat level: 3/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address

Rule name: MALWARE_Win_BitRAT
Author: ditekSHen
Description: Detects BitRAT RAT

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: BitRAT
File type: HTML Application (hta)
SHA256: f30cba9be2a7cf581939e7e7b958d5e0554265a685b3473947bf2c26679995d3 (this sample)

Delivery method
Distributed via web download
