General
- Target: 5effe6792620b5d512905695003baa3f.exe
- Size: 2.3MB
- Sample: 220107-jptrxacddm
- MD5: 5effe6792620b5d512905695003baa3f
- SHA1: 0a98f5acfcd5a0efb4989d4513b6b8861438777d
- SHA256: ed857cb8db7feb60827f28be33098db83bb25fa2191b133eedc5b4b29907abd5
- SHA512: 67630485b4cd44a612274c146aabef67b5d0f0c0ddfb0f8c34367985e43ccef25cd35d8583952bc73281b5fedb9d8e05a67ad326cdfae9c67ae858ce2c2c1a09

Static task
- static1

Behavioral task
- behavioral1
- Sample: 5effe6792620b5d512905695003baa3f.exe
- Resource: win7-en-20211208

Behavioral task
- behavioral2
- Sample: 5effe6792620b5d512905695003baa3f.exe
- Resource: win10-en-20211208

Malware Config
Extracted
- Family: bitrat
- Version: 1.38
- C2: 91.243.32.131:80
- communication_password: 202cb962ac59075b964b07152d234b70
- install_dir: Defenderzone
- install_file: syspro.exe
- tor_process: tor

Targets
- Target: 5effe6792620b5d512905695003baa3f.exe
- Size: 2.3MB
- MD5: 5effe6792620b5d512905695003baa3f
- SHA1: 0a98f5acfcd5a0efb4989d4513b6b8861438777d
- SHA256: ed857cb8db7feb60827f28be33098db83bb25fa2191b133eedc5b4b29907abd5
- SHA512: 67630485b4cd44a612274c146aabef67b5d0f0c0ddfb0f8c34367985e43ccef25cd35d8583952bc73281b5fedb9d8e05a67ad326cdfae9c67ae858ce2c2c1a09

Score: 10/10
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- mimikatz is an open source tool to dump credentials on Windows
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger