General
Target: 2.1.exe
Size: 2.1MB
Sample: 220106-k761mabebl
MD5: 8725525b3969fc1c1e01f8ec7eab1ed9
SHA1: 0672c99376928faba1db5add67833606e0d73529
SHA256: 58004218b37d36f47da2c5946cac4693e9aea741a0b3a02b823862aec085454b
SHA512: 5f7b18430aee1e18ecf32eec5d825f7473258a715143df64c19ed703e011a7cf9da40815c4e2b4ea8677c1e6b97dfe0fd74079eaedd102ec2f801776c851cb85

Static task: static1
Behavioral task: behavioral1
Sample: 2.1.exe
Resource: win7-en-20211208

Malware Config
Extracted: bitrat 1.38
severdops.ddns.net:3071
communication_password: 29ef52e7563626a96cea7f4b4085c124
tor_process: tor
Targets
Target: 2.1.exe
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext