General
- Target: RKS7D5D6F_ETRANSFER_RECEIPT.zip
- Size: 1.8MB
- Sample: 220615-rwaavababr
- MD5: 504eb52f35301afa852490e0e1f0cebc
- SHA1: af69bdec934f914152e9b7359e214538c84bfe24
- SHA256: a2e53e31a6d4e81b4df4572ff9d41278b8c48c2387ba84075ae58f3d10c4884b
- SHA512: 7c6507226a2ccb60cd2df6e5387b5c9ec1ad318ea2629bea1fbc8487cd23077f0ccbc358664c78c11030bfb7541697c79c3e8f8ef89be2e928b31ce965c79cb6

Static task: static1
Behavioral task: behavioral1
- Sample: RKS7D5D6F_ETRANSFER_RECEIPT.exe
- Resource: win7-20220414-en

Malware Config
Extracted
- Family: bitrat
- Version: 1.38
- C2: bitrat9300.duckdns.org:9300
- communication_password: e10adc3949ba59abbe56e057f20f883e
- tor_process: tor

Targets
- Target: RKS7D5D6F_ETRANSFER_RECEIPT.exe
- Size: 300.0MB
- MD5: 7298a9ef42c45144a0caab46893fc9e3
- SHA1: 809492d6628db6cb0af75ceb861ca209079029af
- SHA256: cd4000e6ed2eeeb0af7509cc6c74ea8d2ef08d5d6f6551aeebad6a96de57d7cd
- SHA512: ac95e369ed001e74b5c32cb94ac109f3b7c76b9c9dd82fd92c0569682589ccd94521599a7b03921a633c4668905a73ba87c9c7d5e31935d047f61c1284dd4459

Signatures
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext