General
-
Target
8f161c203384b95bc5b20e122a9c1c68
-
Size
323KB
-
Sample
220120-xnpy8abbfl
-
MD5
8f161c203384b95bc5b20e122a9c1c68
-
SHA1
c72b4a03fef8c75ff0aab7bd97722249c9334ab0
-
SHA256
4ea881ce90cbf4c9f6f26b940e062bbd147531c6754390f7e61784d892b54668
-
SHA512
5b057a81759833c140153d4154f03ec6f0d544411f6739310b0c9f271b77d613c50062076a9aec951a527fed3aa55cc9d2fdd2a9bdd337912e020cd986066587
Static task
static1
Behavioral task
behavioral1
Sample
8f161c203384b95bc5b20e122a9c1c68.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
8f161c203384b95bc5b20e122a9c1c68.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
bitrat
1.38
utfghjhkyut.duckdns.org:1882
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
install_dir
AppData
-
install_file
chrome.exe
-
tor_process
tor
Targets
-
-
Target
8f161c203384b95bc5b20e122a9c1c68
-
Size
323KB
-
MD5
8f161c203384b95bc5b20e122a9c1c68
-
SHA1
c72b4a03fef8c75ff0aab7bd97722249c9334ab0
-
SHA256
4ea881ce90cbf4c9f6f26b940e062bbd147531c6754390f7e61784d892b54668
-
SHA512
5b057a81759833c140153d4154f03ec6f0d544411f6739310b0c9f271b77d613c50062076a9aec951a527fed3aa55cc9d2fdd2a9bdd337912e020cd986066587
Score10/10-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-