Description
BitRAT is a remote access tool written in C++ that uses leaked source code from other families.
HAC54X-JAN-PAYMENT-RECEIPT.vbs
2KB
220104-s1xglshegm
52cc63019d7ac5726b375e14771cfc9e
04158c38ec3c912b1b510e1479e927cf91ee3d68
e9fc037cd4104162c1a600754a87d9aec3d3b983ad4146954c5ef9ca49752783
71fcd939ab72b4a54f6c23b7eab5c45244c4a3f8e7f65edc29af721b0f1aa3484853fc5359d4c1fe2113659fb4b77ade415684100c9f27c5aa19680a8151f959
Language | ps1 |
Deobfuscated | |
URLs | ps1.dropper: https://transfer.sh/get/pBzucs/HHHHHHHHHHHHHHHH.txt |
Family | njrat |
Version | 1.9 |
Botnet | HacKed |
Attributes | reg_key: Microsoft.Exe |
Family | bitrat |
Version | 1.38 |
C2 | 1120bitratjan.duckdns.org:1120 |
Attributes | communication_password: e10adc3949ba59abbe56e057f20f883e; tor_process: tor |
Malware from the neshta family is designed to infect other files in order to spread itself and cause damage.
Widely used RAT written in .NET.
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Detects executables packed with UPX/modified UPX open source packer.