General
-
Target
BEIAKO93ND6_PAYMENT_COPY.zip
-
Size
1.8MB
-
Sample
220511-ge513sfgh5
-
MD5
fe9e747871ed7c17560df13fce52a9ab
-
SHA1
b091f80e9263a373a401e595e635aa773829e4d8
-
SHA256
e1433f76a11970aa6afb5939d724025e0b0135074e80105ed78c22ffc3f4a614
-
SHA512
b79d5499982ee3d319ad653662c68b14725634cc985d6451de58017bb951a6ffa99e3e2f269e5f11aa441db0dd681ea65252b3d7752684129d14d42c19da552c
Static task
static1
Behavioral task
behavioral1
Sample
BEIAKO93ND6_PAYMENT_COPY.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
BEIAKO93ND6_PAYMENT_COPY.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
bitrat
1.38
bitrat9300.duckdns.org:9300
-
communication_password
e10adc3949ba59abbe56e057f20f883e
-
tor_process
tor
Targets
-
-
Target
BEIAKO93ND6_PAYMENT_COPY.exe
-
Size
300.0MB
-
MD5
d525694b79770baf6abd392e66717959
-
SHA1
87def261c5585e0da14aa652ef3994690134285c
-
SHA256
95a132fc2f847d2e269a626f9f9753fcf85ceefe27d96363bbb1fbcc94c79f05
-
SHA512
616f77f999f6600b62136b9729447eb5b21b040c7ce08aa0e81e445c7602dfda135986fc5c03fa7a5d72f0d9d47ebf5f9437769d53beee48ab67b26ce5e6da8c
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-