General
Target: ap-file-nhbyg.exe--556260643.zip
Size: 1.8MB
Sample: 220615-q6tlsshefk
MD5: c3bc138ef028933efc694259fa4955b2
SHA1: e14742b2984a466ec54c2750c6935ec4942538fb
SHA256: 4c80f993d4be96d139c4579fbf5e2b967bbc942dd623308b04dbecbe05046036
SHA512: c91fc8acdec451d245870568fcd2342514509381e836f2e2c1357f4bc9b6e70feacd7b10106b54add018cd5e41d3c2899fb3071a2d5d634cf442c71971d97852

Static task: static1
Behavioral task: behavioral1
Sample: nhbyg.exe
Resource: win7-20220414-en

Malware Config
Extracted
bitrat
1.38
bitrat9300.duckdns.org:9300
communication_password: e10adc3949ba59abbe56e057f20f883e
tor_process: tor

Targets
Target: nhbyg.exe
Size: 300.0MB
MD5: 8ec6e02e9d4b3e4a627b288cbb1af47d
SHA1: 6ca7f4ab25efeb2856128f54e13ec3f7437f680d
SHA256: b8488b04fbe5fb739a9f11f6e7ac23e6d1111437e361fb9d176b7e75f7a5ec01
SHA512: 97e41aa6b64f554166822a20c31e2989dd3c71d504ca4da673dfa285565a6ae36783a07b3013e7f5024838694658043f9522a876611ff94166175666f568e993

suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Executes dropped EXE
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext