General
-
Target
fotoadjuntajpg.exe
-
Size
2.1MB
-
Sample
210506-k8zbsw5gbx
-
MD5
1a95f16ac6f8c8c58a328d10e4263e9b
-
SHA1
12ce6530ec3c85cd2b1c5b58ab727fc2cc82217b
-
SHA256
ac84f24af4ee7638d9ee6c5d4b080130a7e1055e5f9bfbc1991dc889a03f664c
-
SHA512
f61a24cf4338e656672e76611a8b60c63da3eec4447a56c995a0b2d4662bfec8b155b67f67c7f1527feae75ccccc24c333989b3c73836ae2dbae70b5a8aaf0d1
Malware Config
Targets
-
-
Target
fotoadjuntajpg.exe
-
Size
2.1MB
-
MD5
1a95f16ac6f8c8c58a328d10e4263e9b
-
SHA1
12ce6530ec3c85cd2b1c5b58ab727fc2cc82217b
-
SHA256
ac84f24af4ee7638d9ee6c5d4b080130a7e1055e5f9bfbc1991dc889a03f664c
-
SHA512
f61a24cf4338e656672e76611a8b60c63da3eec4447a56c995a0b2d4662bfec8b155b67f67c7f1527feae75ccccc24c333989b3c73836ae2dbae70b5a8aaf0d1
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
BitRAT Payload
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-