General
-
Target
aa720aec88d230bed0716ec12e792ff5
-
Size
106KB
-
Sample
220603-tfwv1sfcaj
-
MD5
aa720aec88d230bed0716ec12e792ff5
-
SHA1
9c55fbed15ca309a7b26d43b87ca6b2ca21b6875
-
SHA256
41fb88ffd15b8f18847e6828f64f78d709cb5130af97a5fa96de3bdd3a57d6b7
-
SHA512
424bb24d107efd746c516be23ebf58740a770d77626a9af3c6e2152d688c4334e88e4b662ad8bc9b2c634adaf83f2f1d59c30a82c2a97fe9ebf2f7e8f7ab9a7d
Malware Config
Extracted
bitrat
1.38
szdvdsdsgvds.duckdns.org:1880
-
communication_password
202cb962ac59075b964b07152d234b70
-
tor_process
tor
Targets
-
-
Target
aa720aec88d230bed0716ec12e792ff5
-
Size
106KB
-
MD5
aa720aec88d230bed0716ec12e792ff5
-
SHA1
9c55fbed15ca309a7b26d43b87ca6b2ca21b6875
-
SHA256
41fb88ffd15b8f18847e6828f64f78d709cb5130af97a5fa96de3bdd3a57d6b7
-
SHA512
424bb24d107efd746c516be23ebf58740a770d77626a9af3c6e2152d688c4334e88e4b662ad8bc9b2c634adaf83f2f1d59c30a82c2a97fe9ebf2f7e8f7ab9a7d
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-