General
-
Target
4b63ab06439234347450346ba568d7d0daff8c8f31ea65160e39363a7c35504b
-
Size
3.1MB
-
Sample
220130-se6hdsdeb4
-
MD5
39b28c8b6e5576deadea55b8b2981319
-
SHA1
a21bfef9e3f86e6e65e54bcdf97e8b4a9394639c
-
SHA256
4b63ab06439234347450346ba568d7d0daff8c8f31ea65160e39363a7c35504b
-
SHA512
7e32a3b17adbe78af7cdf28e480d020c27f311e86d7f057619eee34d55a3a95c904cb4855c639bc60a3a4c354f805afef46f5fb02560a8fe357bffe00ce625dd
Malware Config
Extracted
bitrat
1.35
publiquilla.linkpc.net:9097
-
communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
-
install_dir
System320772736e3b1d119b3
-
install_file
System320772736e3b1d119b.exe
-
tor_process
tor
Targets
-
-
Target
4b63ab06439234347450346ba568d7d0daff8c8f31ea65160e39363a7c35504b
-
Size
3.1MB
-
MD5
39b28c8b6e5576deadea55b8b2981319
-
SHA1
a21bfef9e3f86e6e65e54bcdf97e8b4a9394639c
-
SHA256
4b63ab06439234347450346ba568d7d0daff8c8f31ea65160e39363a7c35504b
-
SHA512
7e32a3b17adbe78af7cdf28e480d020c27f311e86d7f057619eee34d55a3a95c904cb4855c639bc60a3a4c354f805afef46f5fb02560a8fe357bffe00ce625dd
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-