General
Target: Order_2190034_January.exe
Size: 785KB
Sample: 220107-aq2z8scbck
MD5: 751cfacd6de472704d072d56cd27769e
SHA1: 733fd283e27fedb060e4b841f4737a28ba126600
SHA256: 1df11ec4ef8cfeda563e1103d5e0cdc4ed10601b37e0ea9f93be82433ab68c72
SHA512: b036ad1a18b920fe56686d6a8b699286dc646bf992823617b73b1f7bae7197ffe1ebc80999a861cab92bf97fcb6855cdcef061d8bf5a27631179b467ffec2d39
Static task: static1
Behavioral task: behavioral1
Sample: Order_2190034_January.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: bitrat
Version: 1.38
C2: severdops.ddns.net:3071
communication_password: 29ef52e7563626a96cea7f4b4085c124
tor_process: tor
Targets
Target: Order_2190034_January.exe
Size: 785KB
MD5: 751cfacd6de472704d072d56cd27769e
SHA1: 733fd283e27fedb060e4b841f4737a28ba126600
SHA256: 1df11ec4ef8cfeda563e1103d5e0cdc4ed10601b37e0ea9f93be82433ab68c72
SHA512: b036ad1a18b920fe56686d6a8b699286dc646bf992823617b73b1f7bae7197ffe1ebc80999a861cab92bf97fcb6855cdcef061d8bf5a27631179b467ffec2d39
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
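Added example, not part of the sandbox report: a small hunt that turns the extracted BitRAT config and the behavioural signatures above into checks over endpoint telemetry. It looks for the sample SHA256, the C2 host severdops.ddns.net on TCP/3071, a Run-key write by the sample's process tree, and a compiler process spawned by the sample. The Sysmon-style JSON events are constructed for this example and are not from the sandbox run; the mapping of the "VBS compiler" signature to vbc.exe is an assumption the report does not state, and so is the assumption that events arrive in chronological order (the process tree is built as events are read).

```python
"""Hunt for this report's BitRAT indicators in constructed Sysmon-style telemetry.

Indicators copied from the report: sample SHA256, C2 host/port, Run-key
persistence, compiler-hosted execution. Everything in CONSTRUCTED_LOG is made
up for the example and does not come from the sandbox run.
"""
import json

C2_HOST = "severdops.ddns.net"
C2_PORT = 3071
SAMPLE_SHA256 = "1df11ec4ef8cfeda563e1103d5e0cdc4ed10601b37e0ea9f93be82433ab68c72"
RUN_KEY = "\\currentversion\\run\\"
# Assumption (not stated by the report): "VBS compiler" means vbc.exe.
COMPILER_HOSTS = {"vbc.exe"}

# Constructed events, one JSON object per line (Sysmon IDs: 1 process create,
# 3 network connect, 13 registry value set). Not real telemetry.
CONSTRUCTED_LOG = r'''
{"EventID": 1, "ProcessId": 1100, "ParentProcessId": 800, "Image": "C:\\Users\\u\\Downloads\\Order_2190034_January.exe", "Hashes": "MD5=751CFACD6DE472704D072D56CD27769E,SHA256=1DF11EC4EF8CFEDA563E1103D5E0CDC4ED10601B37E0EA9F93BE82433AB68C72"}
{"EventID": 13, "ProcessId": 1100, "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\u\\AppData\\Roaming\\updater.exe"}
{"EventID": 1, "ProcessId": 1204, "ParentProcessId": 1100, "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", "Hashes": "SHA256=0000"}
{"EventID": 3, "ProcessId": 1204, "DestinationHostname": "severdops.ddns.net", "DestinationIp": "198.51.100.7", "DestinationPort": 3071}
{"EventID": 3, "ProcessId": 900, "DestinationHostname": "example.net", "DestinationIp": "203.0.113.9", "DestinationPort": 3071}
{"EventID": 1, "ProcessId": 1300, "ParentProcessId": 800, "Image": "C:\\Windows\\System32\\notepad.exe", "Hashes": "SHA256=AAAA"}
'''


def parse_events(text):
    """Parse one JSON event per non-empty line."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def sha256_of(event):
    """Pull the SHA256 out of a Sysmon 'Hashes' field such as 'MD5=..,SHA256=..'."""
    for part in event.get("Hashes", "").split(","):
        if part.upper().startswith("SHA256="):
            return part.split("=", 1)[1].lower()
    return None


def hunt(events):
    """Return (rule, pid, detail) hits.

    Events are assumed to be in chronological order: a child is only tainted
    if its parent was already seen. A port-only match is reported separately
    as weak, since TCP/3071 on its own is not a reliable BitRAT indicator.
    """
    hits = []
    parent_of, image_of = {}, {}
    tainted = set()  # pids that are the sample or descend from it
    for ev in events:
        pid, eid = ev.get("ProcessId"), ev.get("EventID")
        if eid == 1:
            parent_of[pid] = ev.get("ParentProcessId")
            image_of[pid] = ev["Image"].rsplit("\\", 1)[-1].lower()
            if sha256_of(ev) == SAMPLE_SHA256:
                tainted.add(pid)
                hits.append(("sample_hash", pid, image_of[pid]))
            elif parent_of[pid] in tainted:
                tainted.add(pid)
                if image_of[pid] in COMPILER_HOSTS:
                    hits.append(("compiler_host_spawned", pid, image_of[pid]))
        elif eid == 13 and pid in tainted and RUN_KEY in ev.get("TargetObject", "").lower():
            hits.append(("run_key_persistence", pid, ev.get("Details", "")))
        elif eid == 3:
            host = ev.get("DestinationHostname", "").lower()
            port = ev.get("DestinationPort")
            if host == C2_HOST:
                hits.append(("c2_host", pid, f"{host}:{port}"))
            elif port == C2_PORT:
                hits.append(("c2_port_only_weak", pid, f"{ev.get('DestinationIp')}:{port}"))
    return hits


if __name__ == "__main__":
    for rule, pid, detail in hunt(parse_events(CONSTRUCTED_LOG)):
        print(f"{rule:<24} pid={pid:<6} {detail}")
```

Running it flags the sample by hash, the Run-key write and the vbc.exe child from its process tree, the connection to the C2 host, and lists the unrelated pid 900 connection to port 3071 only as a weak hit; notepad.exe under another parent is ignored.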