General
- Target: bb8298b28cd913814c41d7b6a878b8e2a2da7eb34083c901a5408413fed93b45
- Size: 2.2MB
- Sample: 220107-qb9drscfgr
- MD5: 9401cf9f73dfb187bf4cef05d8cfe72b
- SHA1: 4af6544d8c94bb673f826a0ba4d24698150b1089
- SHA256: bb8298b28cd913814c41d7b6a878b8e2a2da7eb34083c901a5408413fed93b45
- SHA512: 8438c79aa1ac9779bdab11a3f46f174aad97a7bc2fd1f571d42ef8817dc8477b68468be7445c789d125c1b8749338e047e20301d0a11b9e52dacf947abb65dd4
Static task
- static1

Malware Config
Extracted
- Family/version: bitrat 1.38
- C2: severdops.ddns.net:3071
- communication_password: 29ef52e7563626a96cea7f4b4085c124
- tor_process: tor
Targets
- Target: bb8298b28cd913814c41d7b6a878b8e2a2da7eb34083c901a5408413fed93b45 (2.2MB; hashes as listed under General)
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Adds Run key to start application
- Maps connected drives based on registry (Disk information is often read in order to detect sandboxing environments.)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext