General
-
Target
D7M39A87SH3-ETRANSFER-RECEIPT.zip
-
Size
1.8MB
-
Sample
220615-yh35bsbffq
-
MD5
ce8f4a5b067cb9447c863f2dba4b5b38
-
SHA1
e22ee6e1de3ecd978f1ddf1d6d2f8e5829d73160
-
SHA256
859246ff173ff4ff68c9c761a21aa9944c7c2dba5cd882d9309d845355895631
-
SHA512
3d0ee32c2114f674dff5f2f449baa449aa17a6a38c54fd1314c497ca2575f0e6b8cb06a1f13ec21626ba96216c271e6e7edb823ba44c610abd281b7ff24a2b88
Static task
static1
Behavioral task
behavioral1
Sample
D7M39A87SH3-ETRANSFER-RECEIPT.exe
Resource
win7-20220414-en
Malware Config
Extracted
bitrat
1.38
bitrat9300.duckdns.org:9300
-
communication_password
e10adc3949ba59abbe56e057f20f883e
-
tor_process
tor
Targets
-
-
Target
D7M39A87SH3-ETRANSFER-RECEIPT.exe
-
Size
300.0MB
-
MD5
edd26deecff12183dc818957f18b866a
-
SHA1
7e4fc7d57f7502ad210ceafbe294716981585281
-
SHA256
0b6306bc128b16b99cee0d04e4427bc0b5dbe32b2386fc4800cf42c9f42ed3b3
-
SHA512
b86225d429f244077f1a4313318e034320da2091a02a8064065b2fbd290eaa5285adfe90a161886f6a13dcba996f536da6758da78cf54ec01c900369db841987
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
Executes dropped EXE
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-