General

Target: June RFQ - Finished Products List & Selection.exe
Size: 1.7MB
Sample: 220616-dp65cahcgr
MD5: db2b4147cb7d7bd810f7b8b2c7f04b3c
SHA1: ba7280b3e57c30e84043d69a15a2b41e66f7f8bb
SHA256: b1ea8507fb9fce713b396b966cbe353e767bea754198c6c1c6d32f33a1919611
SHA512: fe810165022a1d3e7ae9a7edb079ac3dbe4b40cb06302ff90b37eab0dd6dd1e27bdec20a6b4a549010f0cdc96525a03b6dc14186bfd029d9d81c4afbfd348501

Static task: static1
Behavioral task: behavioral1
Sample: June RFQ - Finished Products List & Selection.exe
Resource: win7-20220414-en

Malware Config

Extracted: bitrat
Version: 1.38
C2: bilt.shipnotifica.com:3988
communication_password: 2591605625515675ce1c298f970d39b2
install_dir: msfixrs
install_file: msfixr.exe
tor_process: tor
Targets

Target: June RFQ - Finished Products List & Selection.exe
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

- ACProtect 1.3x - 1.4x DLL software: detects file using ACProtect software.
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext