General

Target: 2b82105ff0273e98abbfa2708e7b25dcb5eebab0344a3de1fd9bcfd841281912
Size: 4.2MB
Sample: 220105-pl343aafbk
MD5: 99e35efb08a65b2cd59aa0cc8e27a64d
SHA1: c24cd0527cbef8c76fbe386ce81cc844cc5acb36
SHA256: 2b82105ff0273e98abbfa2708e7b25dcb5eebab0344a3de1fd9bcfd841281912
SHA512: 029ef3b887f3683142ba18c5c72cfcd17931f63bc4397f5942370427b4a4c7fc1ee22789254da525c57dfc4a6d1818f12cc65cc3a4bec79fd2efffb17bc106f2
Static task: static1
Behavioral task: behavioral1
Sample: 2b82105ff0273e98abbfa2708e7b25dcb5eebab0344a3de1fd9bcfd841281912.exe
Resource: win10-en-20211208
Malware Config

Extracted:
- Family: bitrat
- Version: 1.38
- C2: 91.243.32.131:80
- communication_password: 202cb962ac59075b964b07152d234b70
- install_dir: Defenderzone
- install_file: syspro.exe
- tor_process: tor
Targets

Target: 2b82105ff0273e98abbfa2708e7b25dcb5eebab0344a3de1fd9bcfd841281912
Score: 10/10

Signatures:
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger