General
Target: sample.exe
Size: 5.7MB
Sample: 220130-w5qfmshbg4
MD5: b98785b20bc7c89ca6822a14068bfdd9
SHA1: 4ad68bfe2a0f215478e56b25ce058345d6ccce33
SHA256: 065d835e97dcd0e648e4114cb7f5d65eeb20d9bf16eb421fe547990b0d376b7c
SHA512: 2929a40d52b23728ceac807f08161e22d350a51ab1d56fe25c49c7d5c38564f277bb3c98733b7527e07cafece9c1b286605a7e8b195acc3460f9fb7e98f77f8c
Static task: static1
Behavioral task: behavioral1
Sample: sample.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: sample.exe
Resource: win10-en-20211208
Malware Config
Targets
Target: sample.exe
Score: 10/10
BitRAT Payload
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of NtSetInformationThreadHideFromDebugger