General
Target: Check411804.exe
Size: 1.8MB
Sample: 220406-vxyxdacebk
MD5: 6e120d3757d58b2d2a049b6e8174be57
SHA1: bf5619bc94a891c199543a2037f24e60c3d97a5c
SHA256: b26654a554506511b1b0c0570e0df09e72704d915cb62bedcda383c4d9d846c9
SHA512: 5bf6273e13feca140966d2aa6fa926c20bdb23e455e8e211e581fff70434643645e379920e2c653bc9d3fed67842fe300f1699bfb80ba654e89616098c1c87e5
Static task: static1
Behavioral task: behavioral1
Sample: Check411804.exe
Resource: win7-20220310-en
Malware Config
Extracted
Family: bitrat
Version: 1.38
C2: bitratnew9200.duckdns.org:9200
communication_password: e10adc3949ba59abbe56e057f20f883e
tor_process: tor
Targets
Target: Check411804.exe
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext