General
-
Target
ce4f5cc39b067867e398b8c5e8d4464399543b036027b0fe6bc160c8fe012f04
-
Size
1.9MB
-
Sample
220516-qapmzafahp
-
MD5
44db1fa8e4ad98383ed44d8af5172580
-
SHA1
81843a52940e646183d38fd47e441f8a03cfb101
-
SHA256
ce4f5cc39b067867e398b8c5e8d4464399543b036027b0fe6bc160c8fe012f04
-
SHA512
d484e761f39ff3517b5e40578d26759018a9314a67ea3595e7a32cefdcddc63e6872d0684683fbe459f82fed58f381fd8b5b39295020ec47af5dc940097fe4ea
Static task
static1
Behavioral task
behavioral1
Sample
ce4f5cc39b067867e398b8c5e8d4464399543b036027b0fe6bc160c8fe012f04.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
ce4f5cc39b067867e398b8c5e8d4464399543b036027b0fe6bc160c8fe012f04
-
Size
1.9MB
-
MD5
44db1fa8e4ad98383ed44d8af5172580
-
SHA1
81843a52940e646183d38fd47e441f8a03cfb101
-
SHA256
ce4f5cc39b067867e398b8c5e8d4464399543b036027b0fe6bc160c8fe012f04
-
SHA512
d484e761f39ff3517b5e40578d26759018a9314a67ea3595e7a32cefdcddc63e6872d0684683fbe459f82fed58f381fd8b5b39295020ec47af5dc940097fe4ea
-
BitRAT Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-