General
-
Target
4b39d9d9a3733742ec2e76bfe107b5e43e2d041df1662def76a3857e906aeeca
-
Size
2.3MB
-
Sample
220130-sfcxgacgcr
-
MD5
b86f69bea6756d81e88179af29846335
-
SHA1
b9e8f176864b86256cb3f96f86ba808032974344
-
SHA256
4b39d9d9a3733742ec2e76bfe107b5e43e2d041df1662def76a3857e906aeeca
-
SHA512
eadf7c72683c40ebcb2582d68c91094888aa5d8cb52c7e859d06a1ff3f24e6a2fd9375100c1dfb836e56991ca429e4f8e1908704432b94a5f7a8a87577962f14
Malware Config
Extracted
bitrat
1.35
publiquilla.linkpc.net:9090
-
communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
-
install_dir
windowssecurirysercivehealth
-
install_file
windowssecurirysercive.exe
-
tor_process
tor
Targets
-
-
Target
4b39d9d9a3733742ec2e76bfe107b5e43e2d041df1662def76a3857e906aeeca
-
Size
2.3MB
-
MD5
b86f69bea6756d81e88179af29846335
-
SHA1
b9e8f176864b86256cb3f96f86ba808032974344
-
SHA256
4b39d9d9a3733742ec2e76bfe107b5e43e2d041df1662def76a3857e906aeeca
-
SHA512
eadf7c72683c40ebcb2582d68c91094888aa5d8cb52c7e859d06a1ff3f24e6a2fd9375100c1dfb836e56991ca429e4f8e1908704432b94a5f7a8a87577962f14
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-