General
-
Target
BUD6HCGS_ETRANSFER_RECEIPT.zip
-
Size
1.7MB
-
Sample
220617-vdy32acfhr
-
MD5
0c9e667cf6db32f2f299cae2d51ab6e7
-
SHA1
1d0fe3831d56b69cff2399867bc1d94e1a0f40a8
-
SHA256
1fc914f89f244da1649c53034bfe96a2c7744af3d6cd85f258d9c377446f4afd
-
SHA512
81a7f95b62ab17bd6f58c7dc9b27b40154969235029d2023f1e5c1ea0005bb27a7a496246fd0eb2c604054609d3c9187da1152c707718211a0d35320d3d4243b
Malware Config
Extracted
bitrat
1.38
bitrat9300.duckdns.org:9300
-
communication_password
e10adc3949ba59abbe56e057f20f883e
-
tor_process
tor
Targets
-
-
Target
BUD6HCGS_ETRANSFER_RECEIPT.exe
-
Size
200.0MB
-
MD5
4adbac216516812a5aaef7114bfb7113
-
SHA1
68e86d9070f63bb4860ba87cc6414b2dfcf47da8
-
SHA256
839907fe5e1d61d13e9e4242f6bb3d983b14f972f32b8cfa7f04ccb7c0e3e735
-
SHA512
f196da861aa55c1683e7bfb02c386eb5bcbbd27deffd46fda045d05d84109cfcd61b58d79bd6667588a1359e9b979be4c9b8b022453d71409b64c8fe5160dbd1
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-