General
- Target: 1.exe
- Size: 1.7MB
- Sample: 220408-w8826adbal
- MD5: b0aa91523dd4dc0baaad660ecbefee3e
- SHA1: c07e6d0ee5b48c353298f6eb9ead89abb90a4f07
- SHA256: 494af7ea066d464e7dac94e305dbcf77322ae1931a05d4c7050711ad2a07fb0a
- SHA512: 279688506744cfed3017c1edfdfbf31bdac73541d59d500d3ce5d2fb655f0e65b79c4ecd273296c564a48dd8a7f57e1d1478e441f4153009c2e4e4965f33fe2f
Static task: static1
Behavioral task: behavioral1
- Sample: 1.exe
- Resource: win7-20220331-en
Malware Config
Extracted
- Family: bitrat
- Version: 1.38
- C2: doctorsbit.duckdns.org:4012
- communication_password: 827ccb0eea8a706c4c34a16891f84e7b
- tor_process: tor
Targets
- Target: 1.exe
- Size: 1.7MB
- MD5: b0aa91523dd4dc0baaad660ecbefee3e
- SHA1: c07e6d0ee5b48c353298f6eb9ead89abb90a4f07
- SHA256: 494af7ea066d464e7dac94e305dbcf77322ae1931a05d4c7050711ad2a07fb0a
- SHA512: 279688506744cfed3017c1edfdfbf31bdac73541d59d500d3ce5d2fb655f0e65b79c4ecd273296c564a48dd8a7f57e1d1478e441f4153009c2e4e4965f33fe2f
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext