General
-
Target
RPDQOPKDGSA_PAYMENT_INVOICE.exe
-
Size
299.0MB
-
Sample
220714-hpz39abbdp
-
MD5
e19f652edb3ad5c5d322a9458f0bd57b
-
SHA1
3c21da297f2119d4312c5401981dc31fcbb4bf81
-
SHA256
30200a7b327e28ce7e846002f0cb8e63716fac612a8bf3c78d2abe568d9de9d9
-
SHA512
e82fc0d590c3017e478e0eb3c34a8c9af231dd8ddbb8d224b2445d1365e3743476bbaac4877ef0cef6484ad4310518a85d09a16ecc7e5483342fbddc0a5c05b8
Malware Config
Extracted
bitrat
1.38
sh1673009.duckdns.org:7812
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
tor_process
tor
Targets
-
-
Target
RPDQOPKDGSA_PAYMENT_INVOICE.exe
-
Size
299.0MB
-
MD5
e19f652edb3ad5c5d322a9458f0bd57b
-
SHA1
3c21da297f2119d4312c5401981dc31fcbb4bf81
-
SHA256
30200a7b327e28ce7e846002f0cb8e63716fac612a8bf3c78d2abe568d9de9d9
-
SHA512
e82fc0d590c3017e478e0eb3c34a8c9af231dd8ddbb8d224b2445d1365e3743476bbaac4877ef0cef6484ad4310518a85d09a16ecc7e5483342fbddc0a5c05b8
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-