MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f400e2ca97c91a535d7ea33d8f2191a3e46050f1d4f37e03c13a3bdd4863ed69. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BitRAT

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	f400e2ca97c91a535d7ea33d8f2191a3e46050f1d4f37e03c13a3bdd4863ed69
SHA3-384 hash:	9c1401c4504d83076f7ff0199e538a2c13480352eadb6f7756bc6b1bc41174226de76400b3e2efc2598ea80cfc0bdae8
SHA1 hash:	7302427d02f88d2bf7cb8ef7640681b8cf8e8a0f
MD5 hash:	1de51da8dade76698eca7f11b023fc2b
humanhash:	snake-carolina-magazine-potato
File name:	Unterlagen PDF.img
Download:	download sample
Signature	BitRAT Create hunting rule
File size:	1'689'600 bytes
First seen:	2021-02-22 12:53:46 UTC
Last seen:	Never
File type:	img
MIME type:	application/x-iso9660-image
ssdeep	24576:9iGemZHr4GUZXw+iWUGX/6/XkC2qIgo3b2NdkfDOA9ifTcJanQgJ5/ZD8lxz+3N+:oILj1WUGX/wXk7q3FafjYLF18T20/
TLSH	EE7533B972D01762E4EC50769EF05408AB4FF755BDAA421973DC2D8733ABEC1084D2BA
Reporter	abuse_ch
Tags:	BitRAT DEU geo img RAT

abuse_ch

Malspam distributing unidentified malware:

HELO: 107-174-142-107-host.colocrossing.com
Sending IP: 107.174.142.107
From: info <info@margaritis-trucks.de>
Subject: AW: BESTÄTIGUNG
Attachment: Unterlagen PDF.img (contains "Unterlagen PDF.exe")

NanoCore RAT C2:
venomrating.hopto.org:4712