General
Target: 7583326122.zip
Size: 1.5MB
Sample: 220615-vc6rgsahf9
MD5: ec6ae7630e34f36f4ba9e82f4c9f23f4
SHA1: b1898e885461adc9ad7b60bf47f7423589cd67ab
SHA256: 8c76fb918a3b6c197a9638bcbc03b1dc85606c256e04d919b5d9739b556e2ef0
SHA512: 64429e441d8cba57aa09f86228f50f8e319cf6aa15a41e9f32c9bbdbe1d9c7cc5ce543c34e78162d790e2b0f9274c49052feca37ac32120a2abaed6d14b4a929

Static task: static1
Behavioral task: behavioral1
Sample: JO37GDDJF5_ETRANSFER_RECEIPT.exe
Resource: win7-20220414-en

Malware Config
Extracted
bitrat
1.38
bitrat9300.duckdns.org:9300
communication_password: e10adc3949ba59abbe56e057f20f883e
tor_process: tor

Targets
Target: JO37GDDJF5_ETRANSFER_RECEIPT.exe
Size: 300.0MB
MD5: 9f791a0a9f76db609b44f0e3bf7bdef5
SHA1: 0481f2e178c7a34b3d855e5c53553337fe2008ed
SHA256: ccd71d751bf017dee31f76eceded9aa6832f5e19b5389584d3665f76b4f0caf2
SHA512: 06889bebdf092e4f1563e697e9c619a147954ffcb1f9dd9e9a9238d1410442373f95558c02e6bae6f5d832f89a46eab8b08114699f7321ce2e1150a69f1ad1ee

suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Executes dropped EXE
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext