General
Target: 5E297439F33C3AF204BFA3461BB2D8AB.fil
Size: 38.1MB
Sample: 220712-3kexqsafd9
MD5: 5e297439f33c3af204bfa3461bb2d8ab
SHA1: 8a0168ab1e7c0b6eb072c9f5666d077d77e92a9d
SHA256: 32a236c5951f03c2810509b3adcec8bf3e0dcb5e747a18b448f3ebadab4fa6be
SHA512: d12f55b3cecb9d8fa975bd937be17664a2f1d51f60760f3824b1cd89d887c865ddb86f7b4be4851c1b72f820e3f533ce65bf906ae455da7fd9df0aa99a50b1c0
Static task: static1
Behavioral task: behavioral1
  Sample: 5E297439F33C3AF204BFA3461BB2D8AB.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 5E297439F33C3AF204BFA3461BB2D8AB.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: bitrat 1.38
under101.duckdns.org:1025
communication_password: 81dc9bdb52d04dc20036dbd8313ed055
install_dir: AppData
install_file: Blast.exe
tor_process: tor
Targets
Target: 5E297439F33C3AF204BFA3461BB2D8AB.fil (size and hashes as listed under General)
Score: 10/10
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext