General
Target: e-transfer.img
Size: 300MB
Sample: 220119-y83aqachhm
MD5: de3a4c3319fffd14a016b32e59ded549
SHA1: 03fdb123f412cad89a9dcf33f54a85b31de7221c
SHA256: 35da1611e4771602b021b682b95550c90fe8c31ea1367a74d329a6f9e8768021
SHA512: 73bac9d70a218253c1e3cba2c0a5499e033c6998775fb84125400d5df5f6bc665da304a484a9191526dafba590012afda353b555d654a788f9555f2848c4d15f
Static task: static1
Behavioral task: behavioral2
Sample: E_TRANSF.EXE
Resource: win10v2004-en-20220113
Malware Config
Extracted
Family: bitrat
Version: 1.38
C2: yakbitpeople.duckdns.org:9175
communication_password: 827ccb0eea8a706c4c34a16891f84e7b
tor_process: tor
Targets
Target: E_TRANSF.EXE
Size: 300MB
MD5: affebb601f181b9c290753caae06050a
SHA1: 64942ee5d84b1a2262d02a1dd0ae1aa6e8b66486
SHA256: e2ce88575e964545d834e0bae841ec554b02fa4a290e645e19cb7556123bb49e
SHA512: 3870beafddb9972863a2b0d74eeded9bd21eb3b8c13563808754927ce3a29579adad56e7eb3bc37b4777cb16caea0d9d5d233b01432aa42fe0c5ecafc3c025b2
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext