General
-
Target
cad70078636cc2bc01019e66c90c8144.exe
-
Size
1.7MB
-
Sample
201022-1p6624fk9j
-
MD5
cad70078636cc2bc01019e66c90c8144
-
SHA1
054ce24e6674b19477fce3e158b2cc881c2881d9
-
SHA256
e7f018a097a4041995e6d95f9de421d36605140b3c648e1c46af0a0df08b3aef
-
SHA512
3a321d5e72b6f0a85e9d726cea59d98dd90bf74b334f88326313fa3747d3ae7b239d1fab2bf512fb2d31f3125698dd471001978591f8ee86bf63599dee83d1f4
Malware Config
Targets
-
-
Target
cad70078636cc2bc01019e66c90c8144.exe
-
Size
1.7MB
-
MD5
cad70078636cc2bc01019e66c90c8144
-
SHA1
054ce24e6674b19477fce3e158b2cc881c2881d9
-
SHA256
e7f018a097a4041995e6d95f9de421d36605140b3c648e1c46af0a0df08b3aef
-
SHA512
3a321d5e72b6f0a85e9d726cea59d98dd90bf74b334f88326313fa3747d3ae7b239d1fab2bf512fb2d31f3125698dd471001978591f8ee86bf63599dee83d1f4
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
BitRAT Payload
-
Blocklisted process makes network request
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-