General
-
Target
Juicio No 17292201700138, PRIMERA INSTANCIA.exe
-
Size
292KB
-
Sample
220117-xtt55acdaj
-
MD5
c7ef2678503427b2196bcd3043228fda
-
SHA1
2939b316e7c6b30ca7b298bbbaf8cad789a92bc1
-
SHA256
a74a193f0864f96cb4a8a49c01495cd2e6223893e832c494a70cba3d0e9b765c
-
SHA512
697f21ec76268ad48d34ff07a5b647e86c2138c66e909e5b185651e9674047689757d2d646a57d2fdb297b6828c46e29ce3882fc04f59afc770d9b2d544b0e2c
Static task
static1
Behavioral task
behavioral1
Sample
Juicio No 17292201700138, PRIMERA INSTANCIA.exe
Resource
win7-en-20211208
Malware Config
Extracted
bitrat
1.38
positivoooooo.duckdns.org:3005
-
communication_password
202cb962ac59075b964b07152d234b70
-
tor_process
tor
Targets
-
Target
Juicio No 17292201700138, PRIMERA INSTANCIA.exe
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-