General
Target: 17210db01b7703f53780573317e2852b.exe
Size: 3.8MB
Sample: 220628-v8vn4achh7
MD5: 17210db01b7703f53780573317e2852b
SHA1: d89cdfd1ceb7132ffa8d5dfb7ccb132f5f5c46c8
SHA256: 397a9c37ff58d6915b7e973b68136b5777c5d2eadbbbd537acf057497bfaa43f
SHA512: 559f3600e591e206175aaef529a58f65ad89ddd46772c791dc52a98e2619f650b17268c1a5983ce49aff71fbca13e34c29cf4499962b7c3d0de40e76826c6a4f

Static task: static1
Behavioral task: behavioral1
Sample: 17210db01b7703f53780573317e2852b.exe
Resource: win7-20220414-en

Malware Config
Extracted: bitrat 1.38
C2: wer89.duckdns.org:2222
communication_password: 653d716345d8915046b904b90f41f271
tor_process: tor
Targets
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext