General
Target: 6a47a57078ced1ba3fafd90a62cb0182
Size: 77KB
Sample: 220613-zth4zafaa8
MD5: 6a47a57078ced1ba3fafd90a62cb0182
SHA1: a82f59f1e7e12798b26ded3bdaa30c11132a0537
SHA256: b297a101ed1a7f84c5d937599664979a3becf9d42f1de6f6eb447f4517e06f95
SHA512: a42e2ebe878ba9c13cb6758ae6f9cdd7a8c7fbd667ff4ac256f42777c9091b66ea21925d5665f025287b22ae8dc035d85941bf3daa70215d5d43a2fd9914d6f5
Static task
static1

Behavioral task
behavioral1
Sample: 6a47a57078ced1ba3fafd90a62cb0182.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: 6a47a57078ced1ba3fafd90a62cb0182.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: bitrat
Version: 1.38
C2: millonesdebendiones.con-ip.com:3005
communication_password: 202cb962ac59075b964b07152d234b70
tor_process: tor
Targets
Target: 6a47a57078ced1ba3fafd90a62cb0182
Size: 77KB
MD5, SHA1, SHA256, SHA512: as listed under General
Score: 10/10
Signatures
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging)
Suspicious use of SetThreadContext (commonly used for code injection)
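The extracted config and the behavioural signatures above are the parts of this report an analyst actually hunts with. The following is an added example (not part of the sandbox report, and not code from the BitRAT sample): it turns the report's indicators into two checks, resolving the communication_password as an unsalted MD5 against a small wordlist, and scanning log lines for the C2 host and port, the sample hashes, and writes under a Run key (the report says a Run key is added but does not name the value, so any direct Run-key write is surfaced). The log formats, the 203.0.113.7 address and the Run-key value name "placeholder" are constructed for illustration and do not come from the report; tor_process "tor" is deliberately not used as an indicator because the bare process name is far too generic.

```python
"""Hunt helpers derived from the BitRAT config and signatures in this report.

Added example: this code is not part of the sandbox report or the sample.
Everything below the indicator constants (log formats, the IP, the Run-key
value name) is constructed for illustration.
"""
import hashlib
import re

# Indicators copied from the report above.
C2_HOST = "millonesdebendiones.con-ip.com"
C2_PORT = 3005
COMM_PASSWORD_MD5 = "202cb962ac59075b964b07152d234b70"
SAMPLE_HASHES = {
    "md5": "6a47a57078ced1ba3fafd90a62cb0182",
    "sha1": "a82f59f1e7e12798b26ded3bdaa30c11132a0537",
    "sha256": "b297a101ed1a7f84c5d937599664979a3becf9d42f1de6f6eb447f4517e06f95",
}
# The report says a Run key is added but does not name the value, so any
# write directly under the Run key is surfaced for review. (tor_process="tor"
# is deliberately not used as an indicator: the bare name is far too generic.)
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE
)


def recover_comm_password(candidates):
    """The extracted communication_password is a 32-hex-character digest.

    Check it as an unsalted MD5 against a candidate list and return the
    matching plaintext, or None. (For this sample it resolves to "123".)
    """
    for word in candidates:
        if hashlib.md5(word.encode()).hexdigest() == COMM_PASSWORD_MD5:
            return word
    return None


def classify(line):
    """Return a short reason if a log line matches a report IOC, else None."""
    low = line.lower()
    if C2_HOST in low:
        # Port 3005 is the configured C2 port; a hit on host and port is
        # stronger than a bare DNS lookup of the host.
        if f":{C2_PORT}" in low or f"dport={C2_PORT}" in low:
            return f"C2 {C2_HOST}:{C2_PORT}"
        return f"C2 host {C2_HOST}"
    for algo, digest in SAMPLE_HASHES.items():
        if digest in low:
            return f"sample {algo}"
    if RUN_KEY_RE.search(line):
        return "Run key write"
    return None


def scan_log_lines(lines):
    """Return (line_number, reason) for every matching line, in order."""
    hits = []
    for n, line in enumerate(lines, 1):
        reason = classify(line)
        if reason:
            hits.append((n, reason))
    return hits


# Constructed telemetry (not real logs): 203.0.113.7 is a documentation
# address and "placeholder" stands in for the unknown Run-key value name.
SAMPLE_LOG = [
    "2022-06-13T10:01:02Z dns query=millonesdebendiones.con-ip.com type=A",
    "2022-06-13T10:01:03Z conn proto=tcp dst=203.0.113.7 dport=3005 "
    "sni=millonesdebendiones.con-ip.com",
    "2022-06-13T10:01:05Z sysmon eid=13 key=HKU\\S-1-5-21-1\\Software\\Microsoft"
    "\\Windows\\CurrentVersion\\Run\\placeholder",
    "2022-06-13T10:01:07Z edr file_create sha256="
    "b297a101ed1a7f84c5d937599664979a3becf9d42f1de6f6eb447f4517e06f95",
    "2022-06-13T10:02:00Z dns query=example.com type=A",
]

if __name__ == "__main__":
    print("communication_password plaintext:",
          recover_comm_password(["password", "123"]))
    for n, reason in scan_log_lines(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

Run as a script it prints the recovered plaintext and one line per hit; in a SIEM the `classify` logic would sit behind that platform's own parser rather than on raw strings. The Run-key check is intentionally broad because the report gives no value name, so expect benign hits that need triage.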