General
Target: Document.exe
Size: 435KB
Sample: 220112-wcvvnadecm
MD5: 12103b3952c09d930bf11af9df5b3ac4
SHA1: 914ec6513405dfe91192ed9ae2e82c9fe32c366a
SHA256: 4da51788f3414e7329cf4b720086550d686fa3d557c86b573a1eb0b218403c5f
SHA512: a7c09de2b7d617b780238df68abf5d6c80b791af8da4d32eb56f96efe1c03cbb46c5332ed287dd8a32bd42f76d17b19b442bb854f3dbd03f80b3ebb377680064
Static task: static1
Behavioral task: behavioral1
Sample: Document.exe
Resource: win7-en-20211208
Malware Config
Extracted
bitrat
1.38
covid1987.ddns.net:9090
communication_password: b4df9f494056d51f86c7f1a89850c467
tor_process: tor
Targets
Target: Document.exe
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Downloads MZ/PE file
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext