General
-
Target
76c866501ffb3ed58214ba7949ddc13202e6c9e423c43e6ff690e548750386e7
-
Size
2.1MB
-
Sample
220206-syd79abdam
-
MD5
f01074e44ea85a89f62de30c25eb32be
-
SHA1
12fa5d7f899ee16ef3fe2db14c905cc09d605265
-
SHA256
76c866501ffb3ed58214ba7949ddc13202e6c9e423c43e6ff690e548750386e7
-
SHA512
a944c6c01d841d96e7c736448dbbecb3f8e3954e5fb90e7667613286b7a023c3f7bdbb6ff59afa00be22ace38e18e89fec28faca4f8ce273406bf0524e23a259
Malware Config
Extracted
bitrat
1.35
vst.fastestmaking.com:5433
-
communication_password
331316d4efb44682092a006307b9ae3a
-
tor_process
tor
Targets
-
-
Target
RequestORDERQuote.exe
-
Size
2.3MB
-
MD5
3f02190df38e5dadd7e1b694f547c539
-
SHA1
32769a00df7264940c155f9a2222812e0fbf86be
-
SHA256
91b24eab863880a23663f812e043b6b83dab1e658b234b1b98521e28071527b9
-
SHA512
5068205c43a7fc49fb1b0e1b48526181355e0af091b2086ab35e37a60dbb8d3136f5325b7b614402a9f52515a08e67d5255b195b71a5c5e5332a24098a9b24da
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-