General
Target: DHL Shipment Note.exe
Size: 267KB
Sample: 220108-jj9aeadcdn
MD5: 088ef2cfabd6e8b52832f5e358bfff6b
SHA1: 4c389ccc2ac9809b315b5ba1b3d3fe3edcf9876d
SHA256: 3bdd75cf5a2b26bbf10f298f3071b2d7c7a79b33f880eb3f26c3276baceaac1f
SHA512: 0101392d09c48ab7d70582f267dc86d765c77161cfc34ec8cc0ff0a527a46178b4c487a0810a946caab28c4ae6d03cb7134dad0dee13e5563a53135b1c1f992c
Static task: static1
Behavioral task: behavioral1
  Sample: DHL Shipment Note.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: DHL Shipment Note.exe
  Resource: win10-en-20211208
Malware Config
Extracted: bitrat 1.38
C2: severdops.ddns.net:3071
communication_password: 29ef52e7563626a96cea7f4b4085c124
install_dir: msWORLD
install_file: excel.exe
tor_process: tor
Targets
Target: DHL Shipment Note.exe (size and hashes as listed under General)
Score: 10/10
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
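As an added example (not part of the sandbox report and not the sandbox vendor's code), the following Python parses the flattened key-then-value layout used above into structured IOCs: it pulls the file hashes, the extracted BitRAT config and C2 endpoint, the score and the behavioural signatures, validates that each hash field is hex of the expected length, de-duplicates signature lines that the report repeats per task, and maps the signature names to ATT&CK technique IDs. The REPORT string is a constructed excerpt of this page's own text; the ATTACK_MAP table is this example's assumption, not something the report states.

```python
"""Parse a flattened sandbox report into structured IOCs.

Added example; not the sandbox vendor's code and not part of the original
report. REPORT is a constructed excerpt of the page's own text; ATTACK_MAP is
this example's assumed mapping of signature names to ATT&CK technique IDs.
"""
import re

REPORT = """\
General
-
Target
DHL Shipment Note.exe
-
MD5
088ef2cfabd6e8b52832f5e358bfff6b
-
SHA256
3bdd75cf5a2b26bbf10f298f3071b2d7c7a79b33f880eb3f26c3276baceaac1f
Malware Config
Extracted
bitrat
1.38
severdops.ddns.net:3071
-
communication_password
29ef52e7563626a96cea7f4b4085c124
-
install_dir
msWORLD
-
install_file
excel.exe
-
tor_process
tor
Score10/10-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
Downloads MZ/PE file
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
FILE_KEYS = {"Target", "Size", "Sample"} | set(HASH_LEN)
CONFIG_KEYS = {"communication_password", "install_dir", "install_file", "tor_process"}
C2_RE = re.compile(r"([A-Za-z0-9.-]+):(\d{1,5})$")

# Assumption: which ATT&CK technique each sandbox signature name corresponds to.
ATTACK_MAP = {
    "Downloads MZ/PE file": "T1105",
    "Adds Run key to start application": "T1547.001",
    "Suspicious use of NtSetInformationThreadHideFromDebugger": "T1622",
    "Suspicious use of SetThreadContext": "T1055.012",
}


def parse_report(text):
    """Walk the key-then-value layout; '-' lines are table-cell separators."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    out = {"file": {}, "config": {}, "c2": [], "signatures": [], "score": None}
    section = "file"
    i = 0
    while i < len(lines):
        ln = lines[i]
        if ln == "Malware Config":
            section = "config"
        elif ln.startswith("Score"):
            section = "sigs"
            out["score"] = ln[len("Score"):].strip("- ")
        elif section == "sigs":
            if ln not in out["signatures"]:  # the report repeats a hit per task
                out["signatures"].append(ln)
        elif section == "config" and ln == "Extracted" and i + 2 < len(lines):
            out["family"], out["version"] = lines[i + 1], lines[i + 2]
            i += 2
        elif section == "config" and C2_RE.match(ln):
            host, port = C2_RE.match(ln).groups()
            out["c2"].append((host, int(port)))
        elif ln in CONFIG_KEYS and i + 1 < len(lines):
            out["config"][ln] = lines[i + 1]
            i += 1
        elif ln in FILE_KEYS and i + 1 < len(lines):
            out["file"].setdefault(ln, lines[i + 1])  # keep first; Targets repeats it
            i += 1
        i += 1
    return out


def bad_hashes(file_fields):
    """Names of hash fields whose value is not lowercase hex of the right length."""
    return [n for n, k in HASH_LEN.items()
            if n in file_fields and not re.fullmatch(r"[0-9a-f]{%d}" % k, file_fields[n])]


def attack_ids(report):
    return sorted({ATTACK_MAP[s] for s in report["signatures"] if s in ATTACK_MAP})


if __name__ == "__main__":
    r = parse_report(REPORT)
    print(r["family"], r["version"], r["c2"], r["config"], r["score"])
    print("hash problems:", bad_hashes(r["file"]), "ATT&CK:", attack_ids(r))
```

The hash check catches the common copy-paste failure of a truncated or mixed-case digest before it lands in a blocklist; the C2 tuple and the install_dir/install_file pair are the values a hunter would turn into network and file-path searches.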