General
-
Target
780fd4b0a5fde771e1997ce53896cb9f
-
Size
115KB
-
Sample
220113-wlc17sbhe9
-
MD5
780fd4b0a5fde771e1997ce53896cb9f
-
SHA1
620c2e4b60d2f902933ff6a20042f71b53833e10
-
SHA256
a6d0e2abcc93742839c48666cfee33a4647b42863c7a3304691eed1fc5e854fb
-
SHA512
f5b3434abe7fbe02be993904b572c08b7c7e5963f8fec8fc4dfbc027c76bd21a9c7188b4a5fdda269d77c36c7fee37465251b490f09fe6fc303577bb6cae0f4d
Malware Config
Extracted
bitrat
1.38
drfcjug.duckdns.org:1882
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
tor_process
tor
Targets
-
-
Target
780fd4b0a5fde771e1997ce53896cb9f
-
Size
115KB
-
MD5
780fd4b0a5fde771e1997ce53896cb9f
-
SHA1
620c2e4b60d2f902933ff6a20042f71b53833e10
-
SHA256
a6d0e2abcc93742839c48666cfee33a4647b42863c7a3304691eed1fc5e854fb
-
SHA512
f5b3434abe7fbe02be993904b572c08b7c7e5963f8fec8fc4dfbc027c76bd21a9c7188b4a5fdda269d77c36c7fee37465251b490f09fe6fc303577bb6cae0f4d
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-