General
-
Target
67c8a9d610832f9635564c7bbd9ebacdad15aa417b521ce817c2df98f01d5c87
-
Size
3.9MB
-
Sample
220708-kzqcxaceb3
-
MD5
372110e8f2a41222c0ad52133189f8c5
-
SHA1
7947005e99adf61bff4dd781bbf42795ea5fd882
-
SHA256
67c8a9d610832f9635564c7bbd9ebacdad15aa417b521ce817c2df98f01d5c87
-
SHA512
e4a483a26f78564de21e38afa86d9c3e4be23a06196c8f287d02cec2489024b92ad06c7e8937c32d49615b91f3e757cb17b9eb3ad16de72f1b4d3081b999072a
Static task
static1
Behavioral task
behavioral1
Sample
67c8a9d610832f9635564c7bbd9ebacdad15aa417b521ce817c2df98f01d5c87.exe
Resource
win7-20220414-en
Malware Config
Extracted
bitrat
1.31
Targets
-
BitRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-