General
Target: NIS75FJ4D_ETRANSFER_RECEIPT.zip
Size: 1.8MB
Sample: 220615-sb5rpacadk
MD5: 10efa0d7ef3d535ac582c4840dd78775
SHA1: f34bef1973147df3a5224aa97b018543bb85c9e1
SHA256: 0b7b2a194f5ba8d1174ec78952b8a570ed6384e94836a26d4cec1d4397c030c8
SHA512: c7cc953fad57d621f5334708d8b864c4a703e5a521c5f3ea77d76836d55a8564f79912ea15ab3d86c38978cb0daa3d2906bd1713e49c968dc03a9c3ff0e3396c
Static task: static1
Behavioral task: behavioral1
Sample: NIS75FJ4D_ETRANSFER_RECEIPT.exe
Resource: win7-20220414-en
Malware Config
Extracted: bitrat
1.38
bitrat9300.duckdns.org:9300
communication_password: e10adc3949ba59abbe56e057f20f883e
tor_process: tor
Targets
Target: NIS75FJ4D_ETRANSFER_RECEIPT.exe
Size: 300.0MB
MD5: d072528e13a5c62a4f27192472f757da
SHA1: 361a23cc18bb659c6663e7e4d962c002ca89b716
SHA256: 0cf97758629ff73febf6d092d1efa21076274de36257722e9f33ed71937b1c0b
SHA512: 59dd288c9e820a575b2a977b07976e6c6b36f87e6dc8a6028e51cc8e6aae60668de1d4f9be9c34bc3489875fc3440727f47542a3c0ad48a19a83b5c03f5fb397
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Executes dropped EXE
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext