General
Target: 59f5aa2f3938d9478d3275caaa5eda91.exe
Size: 271KB
Sample: 220105-yd39jabaak
MD5: 59f5aa2f3938d9478d3275caaa5eda91
SHA1: 87fddce9bdff61168e35c09c09e04378137cfabc
SHA256: 2bbe399540ca6bbcb26444284ed0cf85c0840a1d36c8bf3ca670be78a4975410
SHA512: bb9282b6f89a5d887d84bedf9a782a5c774158aa670a17bf0d532dbaf0f9b0e3f57d7ca1bc14c9de0f46de27b08fef7bd172f018fdc9108d395859f2edb8243e
Static task: static1
Behavioral task: behavioral1
Sample: 59f5aa2f3938d9478d3275caaa5eda91.exe
Resource: win7-en-20211208
Malware Config
Extracted
bitrat
1.35
storage.nsupdate.info:8973
communication_password: bf771c9d082071fe80b18bb678220682
tor_process: tor
Targets
Target: 59f5aa2f3938d9478d3275caaa5eda91.exe
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Drops startup file
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext