General
-
Target
SecuriteInfo.com.Trojan.Olock.1.5570.5127
-
Size
2.0MB
-
Sample
220711-jcykbshed9
-
MD5
f0bbd012d016825b7aed925e01a64c06
-
SHA1
cd5998fa057df962581e778b7ccc30fe18b09d8c
-
SHA256
822c406302073a1bf9527e611959437a354aad3f34977c6ffbbdfd31f7436c41
-
SHA512
83a7c868edb81f7266ac3405f962db3ebf784cf150c554a1efe45ea85003bcc6d60691ec7cc3c38153877d800c4d96c39cdfbee2c17ba737515e469884a0a904
Malware Config
Extracted
bitrat
1.38
godfavor.duckdns.org:2349
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
tor_process
tor
Targets
-
-
Target
SecuriteInfo.com.Trojan.Olock.1.5570.5127
-
Size
2.0MB
-
MD5
f0bbd012d016825b7aed925e01a64c06
-
SHA1
cd5998fa057df962581e778b7ccc30fe18b09d8c
-
SHA256
822c406302073a1bf9527e611959437a354aad3f34977c6ffbbdfd31f7436c41
-
SHA512
83a7c868edb81f7266ac3405f962db3ebf784cf150c554a1efe45ea85003bcc6d60691ec7cc3c38153877d800c4d96c39cdfbee2c17ba737515e469884a0a904
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-