General

Target: Serve.ps1
Size: 3.1MB
Sample: 220506-pjbl2aceer
MD5: d65de7524197d0d296a3d5e4c85c35bc
SHA1: bd826cf86b3acfb45ea500d0bc731c40a7fa737b
SHA256: 32c17b45985fbefcf67e054af34e00eb56c0577edfa13d03abb2b8d8e041a513
SHA512: b784fd4606e2626749babbb3debc5116796ce012257fa6400589df4501b29be01618aeaa7028d30f64d29c17eed6d1323eee670715ba2a3f4e0ed4c23e121876
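The four digests above identify the file the sandbox ran. The following is an added example, not part of the sandbox report: it computes the same four digests for a file or byte string and reports which of them agree with the report. The `REPORT` dict repeats the values from this section; the sample bytes used in the `__main__` demonstration are constructed here and are not the real Serve.ps1.

```python
"""Check a file against the digests published in this report.

Added example, not part of the sandbox report. The stand-in bytes used
below are constructed for the demonstration and are NOT the real Serve.ps1.
"""
import hashlib

# Digests copied from the General section of the report.
REPORT = {
    "md5": "d65de7524197d0d296a3d5e4c85c35bc",
    "sha1": "bd826cf86b3acfb45ea500d0bc731c40a7fa737b",
    "sha256": "32c17b45985fbefcf67e054af34e00eb56c0577edfa13d03abb2b8d8e041a513",
    "sha512": "b784fd4606e2626749babbb3debc5116796ce012257fa6400589df4501b29be0"
              "1618aeaa7028d30f64d29c17eed6d1323eee670715ba2a3f4e0ed4c23e121876",
}


def digests(data: bytes) -> dict:
    """Return the four digests the report publishes, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digests() but streams the file so large samples fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matching_digests(observed: dict, expected: dict = REPORT) -> set:
    """Return the set of algorithms whose digest equals the expected value.

    A genuine match is all four. A partial match means a typo in the
    indicator (or, in theory, a collision) and should be investigated,
    not trusted.
    """
    return {alg for alg, value in expected.items()
            if observed.get(alg, "").lower() == value.lower()}


def is_reported_sample(data: bytes) -> bool:
    """True only when every digest in the report matches the given bytes."""
    return matching_digests(digests(data)) == set(REPORT)


if __name__ == "__main__":
    # Constructed stand-in; it will not match the report's digests.
    constructed = b"Write-Host 'constructed stand-in, not the real Serve.ps1'\r\n"
    print("algorithms matching the report:", matching_digests(digests(constructed)))
    print("is the reported sample:", is_reported_sample(constructed))
```

For a file on disk use `matching_digests(digests_of_file(path))`; the streaming variant matters because a 3.1MB script is small, but the same check is routinely run on much larger droppers.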
Static task: static1
Behavioral task: behavioral1
Sample: Serve.ps1
Resource (sandbox VM image): win7-20220414-en
Malware Config

Extracted

Family: bitrat
Version: 1.38
C2: bitratnew9100.duckdns.org:9100
communication_password: e10adc3949ba59abbe56e057f20f883e (the MD5 of "123456")
tor_process: tor
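The extracted config gives three things an analyst can act on immediately: a C2 socket to hunt for in DNS and connection logs, a communication password stored as an MD5 that can be checked against obvious candidates, and a Tor process name. The following is an added example, not part of the sandbox report or of BitRAT itself: the config values are copied from the section above, the candidate password list and the log lines are constructed here to show the matching, and the log format is an assumption.

```python
"""Turn the extracted BitRAT config into checks an analyst can run.

Added example, not part of the sandbox report. Config values are copied
from the Malware Config section; SAMPLE_LOGS and COMMON_PASSWORDS are
constructed for the demonstration.
"""
import hashlib
import re

CONFIG = {
    "family": "bitrat",
    "version": "1.38",
    "c2": "bitratnew9100.duckdns.org:9100",
    "communication_password": "e10adc3949ba59abbe56e057f20f883e",
    "tor_process": "tor",
}

# Constructed candidate list; the report's value is the MD5 of one of these.
COMMON_PASSWORDS = ["password", "admin", "bitrat", "qwerty", "123456"]

# Constructed log lines in an assumed "<time> <type> ..." format.
SAMPLE_LOGS = [
    "2022-05-06T12:00:01Z dns query A bitratnew9100.duckdns.org from 10.0.0.5",
    "2022-05-06T12:00:02Z conn 10.0.0.5:49812 -> bitratnew9100.duckdns.org:9100 tls",
    "2022-05-06T12:00:03Z dns query A updates.example.com from 10.0.0.7",
    "2022-05-06T12:00:04Z dns query A notbitratnew9100.duckdns.org from 10.0.0.9",
]


def split_c2(c2: str) -> tuple:
    """Split 'host:port' into (lowercase host, int port)."""
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


def recover_password(md5_hex: str, candidates=COMMON_PASSWORDS):
    """Return the cleartext whose MD5 equals the config value, or None."""
    for cand in candidates:
        if hashlib.md5(cand.encode()).hexdigest() == md5_hex.lower():
            return cand
    return None


def find_c2_hits(log_lines, c2: str = CONFIG["c2"]) -> list:
    """Return (line_no, reason) for every line naming the C2 host.

    The host regex allows a subdomain prefix ('x.bitratnew9100...') but
    rejects a longer label ('notbitratnew9100...'), so substring noise is
    not reported. A line that also carries the C2 port is tagged c2-socket.
    """
    host, port = split_c2(c2)
    host_re = re.compile(r"(?<![\w-])" + re.escape(host) + r"(?![\w-])", re.I)
    port_re = re.compile(r"[:\s]%d(?!\d)" % port)
    hits = []
    for no, line in enumerate(log_lines, 1):
        if host_re.search(line):
            reason = "c2-socket" if port_re.search(line) else "c2-host"
            hits.append((no, reason))
    return hits


if __name__ == "__main__":
    print("C2:", split_c2(CONFIG["c2"]))
    print("password:", recover_password(CONFIG["communication_password"]))
    for no, reason in find_c2_hits(SAMPLE_LOGS):
        print(no, reason, SAMPLE_LOGS[no - 1])
```

The duckdns.org name is dynamic DNS, so the resolved address can change between runs; hunt on the hostname (and the TLS certificate the Suricata alert keys on), not on whatever IP the sandbox saw.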
Targets

Target: Serve.ps1
Size: 3.1MB
MD5, SHA1, SHA256, SHA512: identical to the General section above (same file)
Signatures

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
The TLS certificate presented on the command-and-control connection matched the Emerging Threats certificate signature for BitRAT C2.

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger (0x11) information class stops the thread from delivering debug events to an attached debugger, a common anti-debugging check.

Suspicious use of SetThreadContext
Rewriting another thread's register context is how injection techniques such as process hollowing redirect execution into attacker-supplied code.