General
-
Target
Document.exe
-
Size
839KB
-
Sample
220119-sblc2saghk
-
MD5
2a5a12f5a3bc62ecd263e1ebde57cba7
-
SHA1
f1d3ba0fc6343e145663c944e6aeebe5e96eaa6b
-
SHA256
b93811479bf82f08e97be19c596166482cdb2b31b8762c8c310307dfd6dab61e
-
SHA512
81657258531d71b064b749f62f6d6570c4c0478c14d67655d1565965f4b772aea82a22561d0e5dc562bfdbca85a7dda03fd95ec7b8ebc43e632b9d817435de66
Static task
static1
Behavioral task
behavioral1
Sample
Document.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Document.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
bitrat
1.38
covid66758.ddns.net:9090
-
communication_password
b4df9f494056d51f86c7f1a89850c467
-
tor_process
tor
Targets
-
-
Target
Document.exe
-
Score
10/10
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-