General
Target: 6fef760b228bf8b61e7e9d1591ddec09
Size: 42KB
Sample: 220505-wlh78abbcp
MD5: 6fef760b228bf8b61e7e9d1591ddec09
SHA1: 8a5e948bf1f7eba603e49e413fbf5afca4134be9
SHA256: 9468b818e8113dd4b056765080af10d530bdbe521cc26157b833ea1b51186927
SHA512: a9e16c34ead7884568d59b415575ccbd162fe85d9af03bddc650e07b6abbaf8ec902d284b461f34c7986d2cd9c4cbc6da7b35e8fee173d9ca0d2ff07dfcbaae5
Static task: static1
Behavioral task: behavioral1
  Sample: 6fef760b228bf8b61e7e9d1591ddec09.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 6fef760b228bf8b61e7e9d1591ddec09.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: bitrat 1.38
  fshdshsegsgsg.duckdns.org:1882
  communication_password: 81dc9bdb52d04dc20036dbd8313ed055
  tor_process: tor
Targets
Target: 6fef760b228bf8b61e7e9d1591ddec09
Size: 42KB
MD5: 6fef760b228bf8b61e7e9d1591ddec09
SHA1: 8a5e948bf1f7eba603e49e413fbf5afca4134be9
SHA256: 9468b818e8113dd4b056765080af10d530bdbe521cc26157b833ea1b51186927
SHA512: a9e16c34ead7884568d59b415575ccbd162fe85d9af03bddc650e07b6abbaf8ec902d284b461f34c7986d2cd9c4cbc6da7b35e8fee173d9ca0d2ff07dfcbaae5
Score: 10/10
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext