General
-
Target
1.exe
-
Size
1.8MB
-
Sample
220426-tl12xshagn
-
MD5
a472acc9bfb5d5ae1f0e847edd0fd5c3
-
SHA1
f060f136fe9a6af93c09afb654c1696b7817c886
-
SHA256
7fac44c988fec727ab87f109038220a207807a2d6cb5966c62920cf2fa6ece64
-
SHA512
f4e3e901c3aa867907dd912bfa123947d18d496abbea94c371f18c1c114f747855bdff7d468da3f9d671500a8c5ac5094bd9ba6c5e86e61ab2fa58f5e083944c
Static task
static1
Behavioral task
behavioral1
Sample
1.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1.exe
Resource
win10-20220414-en
Malware Config
Extracted
bitrat
1.38
bitrat9300.duckdns.org:9300
-
communication_password
e10adc3949ba59abbe56e057f20f883e
-
tor_process
tor
Targets
-
-
Target
1.exe
-
Size
1.8MB
-
MD5
a472acc9bfb5d5ae1f0e847edd0fd5c3
-
SHA1
f060f136fe9a6af93c09afb654c1696b7817c886
-
SHA256
7fac44c988fec727ab87f109038220a207807a2d6cb5966c62920cf2fa6ece64
-
SHA512
f4e3e901c3aa867907dd912bfa123947d18d496abbea94c371f18c1c114f747855bdff7d468da3f9d671500a8c5ac5094bd9ba6c5e86e61ab2fa58f5e083944c
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
Executes dropped EXE
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-