General
-
Target
860db7ed00b9da5574527f13741e5b154e457924f0e81da583737a1c89d68027
-
Size
2.6MB
-
Sample
220121-3kd1faddhk
-
MD5
5d3c09630c2017783600507b55437efa
-
SHA1
eeda72aa2b636f90d799c1d3e48b70cde56294a0
-
SHA256
860db7ed00b9da5574527f13741e5b154e457924f0e81da583737a1c89d68027
-
SHA512
cd24315f6a90b417a4d1fa9bbd8b7986dd0f225a4e11b8c32db1cae64e6d40e28a3637077df3b1e2cc8bab57f62c17ed7956cf021ab2d46bb9566dc8fa088021
Malware Config
Extracted
bitrat
1.38
jairoandresotalvarorend.linkpc.net:9084
-
communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
-
install_dir
winlogomdefenerec
-
install_file
winlogomdefenerec.exe
-
tor_process
tor
Targets
-
-
Target
860db7ed00b9da5574527f13741e5b154e457924f0e81da583737a1c89d68027
-
Size
2.6MB
-
MD5
5d3c09630c2017783600507b55437efa
-
SHA1
eeda72aa2b636f90d799c1d3e48b70cde56294a0
-
SHA256
860db7ed00b9da5574527f13741e5b154e457924f0e81da583737a1c89d68027
-
SHA512
cd24315f6a90b417a4d1fa9bbd8b7986dd0f225a4e11b8c32db1cae64e6d40e28a3637077df3b1e2cc8bab57f62c17ed7956cf021ab2d46bb9566dc8fa088021
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-