General
-
Target
Booking_Payment.vbs
-
Size
4KB
-
Sample
211021-wyrecsafa9
-
MD5
18ac5f0f564e29f3ab4f8a48fdea9ecc
-
SHA1
47216392c30357a1de277c89703765ac8305f603
-
SHA256
2853fdee44775a8aec2874b28c52d10537ce6f383ce53f3a610f45c9c82fa212
-
SHA512
e5d71ba533a21554f142e471648e9032568872893275756684a9967b4bae4cd352ae70793b0358e1894808cf515a2f9b46431a05fbc4a50d88adaa3caab595a7
Malware Config
Extracted
http://13.230.14.133/bypass.txt
Targets
-
-
Target
Booking_Payment.vbs
-
Size
4KB
-
MD5
18ac5f0f564e29f3ab4f8a48fdea9ecc
-
SHA1
47216392c30357a1de277c89703765ac8305f603
-
SHA256
2853fdee44775a8aec2874b28c52d10537ce6f383ce53f3a610f45c9c82fa212
-
SHA512
e5d71ba533a21554f142e471648e9032568872893275756684a9967b4bae4cd352ae70793b0358e1894808cf515a2f9b46431a05fbc4a50d88adaa3caab595a7
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
BitRAT Payload
-
Blocklisted process makes network request
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-