General
-
Target
2781f23530d6a69824ab8f23ec40595d
-
Size
131KB
-
Sample
220622-yq6v7adab7
-
MD5
2781f23530d6a69824ab8f23ec40595d
-
SHA1
95762c6bb48f4669c2d91bde8f4ee43cce0dbd5c
-
SHA256
11f4e9be4a633369d2dac63abff03111b576cbd4c3ca8a083a4343796fd2eed0
-
SHA512
6906bde845d2ca3577d72358cf8288d2956b839f0129d0b61dc5099d2814b9a6a75f92783a409517df5bb9fded1298ae798ebfff7f64d6a3629a80b79e7cc2dc
Malware Config
Extracted
bitrat
1.38
mcowduciush.duckdns.org:1880
-
communication_password
202cb962ac59075b964b07152d234b70
-
tor_process
tor
Targets
-
-
Target
2781f23530d6a69824ab8f23ec40595d
-
Size
131KB
-
MD5
2781f23530d6a69824ab8f23ec40595d
-
SHA1
95762c6bb48f4669c2d91bde8f4ee43cce0dbd5c
-
SHA256
11f4e9be4a633369d2dac63abff03111b576cbd4c3ca8a083a4343796fd2eed0
-
SHA512
6906bde845d2ca3577d72358cf8288d2956b839f0129d0b61dc5099d2814b9a6a75f92783a409517df5bb9fded1298ae798ebfff7f64d6a3629a80b79e7cc2dc
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-