General

Target: 9401cf9f73dfb187bf4cef05d8cfe72b
Size: 2.2MB
Sample: 220107-p88cascfgq
MD5: 9401cf9f73dfb187bf4cef05d8cfe72b
SHA1: 4af6544d8c94bb673f826a0ba4d24698150b1089
SHA256: bb8298b28cd913814c41d7b6a878b8e2a2da7eb34083c901a5408413fed93b45
SHA512: 8438c79aa1ac9779bdab11a3f46f174aad97a7bc2fd1f571d42ef8817dc8477b68468be7445c789d125c1b8749338e047e20301d0a11b9e52dacf947abb65dd4

Static task: static1
Behavioral task: behavioral1
Sample: 9401cf9f73dfb187bf4cef05d8cfe72b.exe
Resource: win7-en-20211208

Malware Config

Extracted: bitrat
Version: 1.38
C2: severdops.ddns.net:3071
communication_password: 29ef52e7563626a96cea7f4b4085c124
tor_process: tor
Targets

Target: 9401cf9f73dfb187bf4cef05d8cfe72b
Size: 2.2MB
MD5: 9401cf9f73dfb187bf4cef05d8cfe72b
SHA1: 4af6544d8c94bb673f826a0ba4d24698150b1089
SHA256: bb8298b28cd913814c41d7b6a878b8e2a2da7eb34083c901a5408413fed93b45
SHA512: 8438c79aa1ac9779bdab11a3f46f174aad97a7bc2fd1f571d42ef8817dc8477b68468be7445c789d125c1b8749338e047e20301d0a11b9e52dacf947abb65dd4

- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext