General
Target: Bon de commande.exe
Size: 26KB
Sample: 220121-qjlbxahfhm
MD5: 00286c04e7817a33d830719ef9afda61
SHA1: 3e59b07e3aa255dc4086c9c631d814ac201e9951
SHA256: 263b305d6a17491a0dd9dd32c5e56536263326e716e0474a132c1d8f8cc0878d
SHA512: 917d83abba42301eabf3e5bdc7450300150925955cc2b6ddb40b28338c2014ec30c234fad245bc19f5d5345f5ad5de55e0a738e7bb9fa96b765117c3410a8612

Static task: static1

Behavioral task: behavioral1
Sample: Bon de commande.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: Bon de commande.exe
Resource: win10-en-20211208

Malware Config
Extracted family: bitrat
Version: 1.38
C2: severdops.ddns.net:3071
communication_password: 29ef52e7563626a96cea7f4b4085c124
tor_process: tor
Targets
Score: 10/10

Signatures
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext