General
-
Target
2e8c3a33ef61db164f994bfc1734d41db0b4eff833cb97b17f1ec58fd3f69823
-
Size
2.1MB
-
Sample
220130-s45bmaebb7
-
MD5
1f6211415f80054e321e8d28b2d1578d
-
SHA1
826564db00d494a3667b00c8069e2de6673304a7
-
SHA256
2e8c3a33ef61db164f994bfc1734d41db0b4eff833cb97b17f1ec58fd3f69823
-
SHA512
99d6069cb6023f9c3ebfd39e384be4446303686d9809462e485d3c2149f72bb336d01961bbcd9fb80407bdd0ef45408da1aa0f79405bc88dd49c4d2a92bfb093
Malware Config
Extracted
bitrat
1.35
publiquilla.linkpc.net:9097
-
communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
-
install_dir
System320772736e3b1d119b3
-
install_file
System320772736e3b1d119b.exe
-
tor_process
tor
Targets
-
-
Target
2e8c3a33ef61db164f994bfc1734d41db0b4eff833cb97b17f1ec58fd3f69823
-
Size
2.1MB
-
MD5
1f6211415f80054e321e8d28b2d1578d
-
SHA1
826564db00d494a3667b00c8069e2de6673304a7
-
SHA256
2e8c3a33ef61db164f994bfc1734d41db0b4eff833cb97b17f1ec58fd3f69823
-
SHA512
99d6069cb6023f9c3ebfd39e384be4446303686d9809462e485d3c2149f72bb336d01961bbcd9fb80407bdd0ef45408da1aa0f79405bc88dd49c4d2a92bfb093
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-