General
Target: 253748ab89481d7cf40c9e52eaf28a939462b3a4e93a87215b1de4be81c69bff
Size: 4.2MB
Sample: 220104-yyplwahggn
MD5: f96cc66dcb469f0c39ffa0c889bb0aee
SHA1: 42ed3c6c969bac1c20919336db8b4325997c0474
SHA256: 253748ab89481d7cf40c9e52eaf28a939462b3a4e93a87215b1de4be81c69bff
SHA512: 97ea9f5d961dcb3de938a568262f757e24d6a059ce47d2aef000ab36362d67eefddbd343172227eea9dc41a8799e7ac632e19a357892f8468bf7d713a4b14b79
Static task: static1
Behavioral task: behavioral1
Sample: 253748ab89481d7cf40c9e52eaf28a939462b3a4e93a87215b1de4be81c69bff.exe
Resource: win10-en-20211208
Malware Config
Extracted family: bitrat
Version: 1.38
C2: 91.243.32.131:80
communication_password: 202cb962ac59075b964b07152d234b70
install_dir: Defenderzone
install_file: syspro.exe
tor_process: tor
Targets
Target: 253748ab89481d7cf40c9e52eaf28a939462b3a4e93a87215b1de4be81c69bff
Score: 10/10
Signatures:
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger