General
Target: ServerA.ps1
Size: 3.1MB
Sample: 220506-pjwxzacefl
MD5: 3f59a9879c3bc01904de54cc4666d249
SHA1: dd917cf50955fcd14b4d36b5900c869eb61f220f
SHA256: eb2b24470ff5572e47f2e39e4557f35a01233c68ce9b9db6b5eada127108d6ad
SHA512: 8565d33a97f8a7fd1faa11635edd514a4c6febf070cc01af3064616ea2acb3dadb3289ed5ecb8c12282638442b7850215d516595f6294980ac78a64eb73438bf
Static task: static1
Behavioral task: behavioral1
Sample: ServerA.ps1
Resource: win7-20220414-en
Malware Config
Extracted: bitrat 1.38
C2: bitrat9300.duckdns.org:9300
communication_password: e10adc3949ba59abbe56e057f20f883e
tor_process: tor
Targets
Target: ServerA.ps1
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-