General

Target: c41718ada97cee3ec7317272591eda61-sample.zip
Size: 624KB
Sample: 220608-wjbelaeeb4
MD5: a19a59d7bd616a575898970b68b87b82
SHA1: 9c01da8e5bdddf0bea2df8c7f99344aeb55dce73
SHA256: de2ccca7996acb55c58238b8f0a465398a0ff5cec1081ed1da9d51573ca87959
SHA512: 23c6627902ba3f4887a17b9b2a2bb215e6013bf4099a8eabc0a6a43d29739d86b1810252c160c05e9fabed24655e4aa7fe374fb775a76ecf2888b60064182cb3
Static task: static1
Behavioral task: behavioral1
  Sample: Aepfxfnvtbhazznvyqqgljtzsbpyrqphao.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Aepfxfnvtbhazznvyqqgljtzsbpyrqphao.exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted family: bitrat
Version: 1.38
C2: oka.nerdpol.ovh:2223
communication_password: b6c6e855edf908ec7c12ce8c8e628a5c
tor_process: tor
Targets

Target: Aepfxfnvtbhazznvyqqgljtzsbpyrqphao.exe
Size: 1.0MB
MD5: 3daa66d053bf5aa603c9db0af979d2b7
SHA1: 5beb955aef82e5e487b50c3a7ba38ec76d93e760
SHA256: bda842fc1f63fc6ab60f1964cbb4f25e655b92ffa0009d4b9a91f293e9b4f228
SHA512: fd54c4568d7e508ce0b47ed6d71f519608b3e850bac54bba8f3f2dcdfa49fe9cc71caf366ebf089d090c399c25c8c2842fe9c6a1b7b494f1d03cf0b6bb8a91cb
Score: 10/10

Signatures

ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that misuses legitimate cloud services to download other malware families; in this report the configuration extracted from the submission is BitRAT's, consistent with the BitRAT CnC alert below.
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Adds Run key to start application (registry Run-key persistence)
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: a thread flagged ThreadHideFromDebugger stops delivering debug events to an attached debugger)
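As an added example (not part of the sandbox report, and not code from the malware or the sandbox vendor), the following Python script turns the indicators above into something a responder can run: it hashes a file the same way the report does, checks the digests against the report's MD5/SHA1/SHA256 values, and scans log lines for the BitRAT C2 host and port taken from the extracted config. The hashes and the C2 endpoint are transcribed from the report; the log lines and the file bytes are constructed for the example so it runs offline.

```python
"""IOC matcher built from the sandbox report above (added example)."""
import hashlib
import re

# Hashes transcribed from the report: the submitted archive and the
# ModiLoader executable inside it.
REPORT_HASHES = {
    "md5": {
        "a19a59d7bd616a575898970b68b87b82",  # c41718ada97cee3ec7317272591eda61-sample.zip
        "3daa66d053bf5aa603c9db0af979d2b7",  # Aepfxfnvtbhazznvyqqgljtzsbpyrqphao.exe
    },
    "sha1": {
        "9c01da8e5bdddf0bea2df8c7f99344aeb55dce73",
        "5beb955aef82e5e487b50c3a7ba38ec76d93e760",
    },
    "sha256": {
        "de2ccca7996acb55c58238b8f0a465398a0ff5cec1081ed1da9d51573ca87959",
        "bda842fc1f63fc6ab60f1964cbb4f25e655b92ffa0009d4b9a91f293e9b4f228",
    },
}

# BitRAT C2 from the extracted config.
C2_HOST = "oka.nerdpol.ovh"
C2_PORT = 2223

# Match the C2 host, or any label under it, as a whole DNS name: the name must
# not be preceded by a label character and must not continue into further
# labels, so "oka.nerdpol.ovh", "oka.nerdpol.ovh:2223" and "x.oka.nerdpol.ovh"
# hit, while "notoka.nerdpol.ovh" and "oka.nerdpol.ovh.example" do not.
_C2_RE = re.compile(
    r"(?<![\w-])(?:[\w-]+\.)*" + re.escape(C2_HOST) + r"(?!\.?[\w-])",
    re.IGNORECASE,
)


def hash_bytes(data: bytes) -> dict:
    """Return the md5/sha1/sha256 hex digests of a blob, as the report lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(digests: dict) -> list:
    """Return the algorithms whose digest equals one of the report's hashes."""
    return sorted(
        algo for algo, hexd in digests.items()
        if hexd.lower() in REPORT_HASHES.get(algo, ())
    )


def scan_log_lines(lines) -> list:
    """Return (line_no, line, port_seen) for lines that mention the C2 host.

    port_seen is True when the C2 port from the config also appears on the
    line, which is a stronger signal than a bare DNS lookup of the host.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        if _C2_RE.search(line):
            port_seen = f":{C2_PORT}" in line or f"dport={C2_PORT}" in line
            hits.append((n, line, port_seen))
    return hits


# Constructed log lines for the demonstration; not taken from the report.
SAMPLE_LOGS = [
    "2022-06-08T14:02:11Z dns client=WS-017 qname=oka.nerdpol.ovh qtype=A",
    "2022-06-08T14:02:12Z proxy client=WS-017 CONNECT oka.nerdpol.ovh:2223",
    "2022-06-08T14:03:40Z dns client=WS-042 qname=www.example.com qtype=A",
    "2022-06-08T14:04:02Z proxy client=WS-042 CONNECT www.example.com:443",
    "2022-06-08T14:05:09Z dns client=WS-042 qname=oka.nerdpol.ovh.example qtype=A",
]

if __name__ == "__main__":
    # Constructed file contents; a real run would read the suspect file.
    print("hash match:", match_hashes(hash_bytes(b"not the sample")))
    for line_no, line, port_seen in scan_log_lines(SAMPLE_LOGS):
        print(f"line {line_no} {'host+port' if port_seen else 'host only'}: {line}")
```

The host match is anchored on label boundaries rather than a plain substring search so that look-alike names in the same log do not produce false positives; a hit that also carries port 2223 should be triaged ahead of a bare DNS query, since the report's Suricata alert fires on the TLS session to the C2, not on the lookup.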