General
-
Target
5d7d0a5904199e6196c09c6cddf091dc
-
Size
1.0MB
-
Sample
220714-vm4pwacfc8
-
MD5
5d7d0a5904199e6196c09c6cddf091dc
-
SHA1
037b6bcd6c82f80acf1062dcb56e29eb34fd450a
-
SHA256
b8f3a767a3ec216bd009cd4b75e20b5b3daaafff409ced7b3ae6c6a05854342d
-
SHA512
068412a7e2afbab702dd6edc73ef91d785fd2499c4a8546e26165b2d5b0663d8dbc385c978cc085d60fbb5860e559545ad60bc8f2f0ab2f146573cb95803c806
Malware Config
Extracted
bitrat
1.38
bendecidobendiciones.con-ip.com:3005
-
communication_password
202cb962ac59075b964b07152d234b70
-
tor_process
tor
Targets
-
-
Target
5d7d0a5904199e6196c09c6cddf091dc
-
Size
1.0MB
-
MD5
5d7d0a5904199e6196c09c6cddf091dc
-
SHA1
037b6bcd6c82f80acf1062dcb56e29eb34fd450a
-
SHA256
b8f3a767a3ec216bd009cd4b75e20b5b3daaafff409ced7b3ae6c6a05854342d
-
SHA512
068412a7e2afbab702dd6edc73ef91d785fd2499c4a8546e26165b2d5b0663d8dbc385c978cc085d60fbb5860e559545ad60bc8f2f0ab2f146573cb95803c806
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-