General
Target: 7640526130.zip
Size: 1.5MB
Sample: 220622-vcb7wahgen
MD5: c9c11698b35669ead7987f8910b160bd
SHA1: a91e1e595c332cd47dbbf3ca42764548eb41507b
SHA256: 0adef8e5a5bb7909da48b99a157639fc7aac849e39eabd0154886c2f27abc3d8
SHA512: 184d17beed6a4cc28c9c6afd7d999cc2ae1d443e775588a34aa7252512a109879606a2a25e1f76d1237de6c0ce68381ba6d41d7c80f0013388cbd29890746e1a
Static task: static1
Behavioral task: behavioral1
Sample: EMAILXKHF_PAYMENT_RECEIPT.exe
Resource: win7-20220414-en

Malware Config
Extracted:
  bitrat
  1.38
  bitrat9300.duckdns.org:9300
communication_password: e10adc3949ba59abbe56e057f20f883e
tor_process: tor

Targets
Target: EMAILXKHF_PAYMENT_RECEIPT.exe
Size: 300.0MB
MD5: c17ef9df7263f7374800f63e74fef81a
SHA1: 471d08242c628ae5fb1b7863647af485db08fca2
SHA256: 2b38215d265d8ddd65de076c280146b10e24d7320217f90a63d46fc00d648b6c
SHA512: 12cb48e84c44ac1ee9599ea72c073090c40d7a7ea4276c5b1568b86ec6e4a6fe4dfa4c7ae8a0b407c45e09b49b5d32f0a90923b2e1fda92c1208fa1172d222d1
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Executes dropped EXE
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext