General
-
Target
ttttttttttttt.rar
-
Size
3.9MB
-
Sample
210728-ey2sg9bprs
-
MD5
84bf5628ec56c05f73cddf1e8956ca33
-
SHA1
e30e3442bced9370122672c373666c476f21af46
-
SHA256
26d2090cade940de6aa7c8dda511a19d6c53544d27989b223768ab1d329a2f3a
-
SHA512
ef976c85bd95dd14f5b223172871b770e8a4593854519a6efe14d9544f263a183cec46a5ffdf0a40492b55bc059ecc53caad73e18a500642aef44c9946974452
Static task
static1
Behavioral task
behavioral1
Sample
ttttttttttttt.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
ttttttttttttt.exe
Resource
win10v20210408
Malware Config
Targets
-
-
Target
ttttttttttttt.exe
-
Size
6.5MB
-
MD5
ee243a5d55da1ae9747db59ca1d32f2b
-
SHA1
f5b590379f316e40b61151c12490ddc83aa17dc5
-
SHA256
a70325fd7314f54c43623316fcf8e7cb993570d8cab123a9e16ef7f5d5260309
-
SHA512
4510176dd723ae3f95b21d6a1afe25639e9fa06d0e3e29f5093b7e26a395dbdf7ae6490ff08a6e1fdc21b269d9a961c9f52fd36ce276d15364b20cf77b956cb2
Score10/10-
BitRAT Payload
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-