General
-
Target
SecuriteInfo.com.Variant.Bulz.730395.20983.24229
-
Size
1.8MB
-
Sample
220704-t3m7dsccd7
-
MD5
2f739f97c66d3045db3493780644c7ad
-
SHA1
66c4b6042c730cac3d6fecf96c0d9cd20b71e47d
-
SHA256
5772bd29784adbf084a02eb16b79167d007b9eac3821cfb789a26196368f3e2a
-
SHA512
b56e3566e366ed36c24f0def539d31211eb53ce6c659db107e094a867a087375f2385c0c782850c2b350ba51aaf01365919a3218d47d3e77fbb2a891388172d0
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Variant.Bulz.730395.20983.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Variant.Bulz.730395.20983.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
bitrat
1.38
bitrat9300.duckdns.org:9300
-
communication_password
e10adc3949ba59abbe56e057f20f883e
-
tor_process
tor
Targets
-
-
Target
SecuriteInfo.com.Variant.Bulz.730395.20983.24229
-
Size
1.8MB
-
MD5
2f739f97c66d3045db3493780644c7ad
-
SHA1
66c4b6042c730cac3d6fecf96c0d9cd20b71e47d
-
SHA256
5772bd29784adbf084a02eb16b79167d007b9eac3821cfb789a26196368f3e2a
-
SHA512
b56e3566e366ed36c24f0def539d31211eb53ce6c659db107e094a867a087375f2385c0c782850c2b350ba51aaf01365919a3218d47d3e77fbb2a891388172d0
Score10/10-
Modifies WinLogon for persistence
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-