General
-
Target
21b9d51376efde8b0b9253c0b32e8bf5
-
Size
36KB
-
Sample
220602-sdggwacccp
-
MD5
21b9d51376efde8b0b9253c0b32e8bf5
-
SHA1
c7bbca83797e5a71e071b2f1d3eda5147e99ffa2
-
SHA256
a5463d144af0f2c9e1725f7a6c520977986bad3c3e3c3feb344b08b98c795c73
-
SHA512
ea10342a206bb1cf8ef606e61a2b3b70404c78ce3beb272957e8d0c0bf762140799c4d79aca0255120703d8e47b6e90338d97f7a80c2c220127ff494074751b9
Malware Config
Extracted
bitrat
1.38
gfeqqgeag.duckdns.org:1880
-
communication_password
202cb962ac59075b964b07152d234b70
-
tor_process
tor
Targets
-
-
Target
21b9d51376efde8b0b9253c0b32e8bf5
-
Size
36KB
-
MD5
21b9d51376efde8b0b9253c0b32e8bf5
-
SHA1
c7bbca83797e5a71e071b2f1d3eda5147e99ffa2
-
SHA256
a5463d144af0f2c9e1725f7a6c520977986bad3c3e3c3feb344b08b98c795c73
-
SHA512
ea10342a206bb1cf8ef606e61a2b3b70404c78ce3beb272957e8d0c0bf762140799c4d79aca0255120703d8e47b6e90338d97f7a80c2c220127ff494074751b9
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-