General
-
Target
GSHSTGHJ-RECEIPT.exe
-
Size
300.0MB
-
Sample
220715-ssza8scfhm
-
MD5
4a9144330984c30158c1373b27f3344f
-
SHA1
dbb20df3c97724db61e1c42fc9c9c20eb6117c79
-
SHA256
1dd733561cefb8caf102a5a0d39f1282eac8d430deb0a4c9d904abbef3ca672c
-
SHA512
f4815960b92122e7ac38687ea30685cfc8dd79a9f243c9a3384a72c8780731b8329721c830ff05787fb6144916ac3088d1378acac1b20847363409fb3790fb68
Static task
static1
Behavioral task
behavioral1
Sample
GSHSTGHJ-RECEIPT.exe
Resource
win7-20220414-en
Malware Config
Extracted
bitrat
1.38
bitrat9300.duckdns.org:9300
-
communication_password
e10adc3949ba59abbe56e057f20f883e
-
tor_process
tor
Targets
-
-
Target
GSHSTGHJ-RECEIPT.exe
-
Size
300.0MB
-
MD5
4a9144330984c30158c1373b27f3344f
-
SHA1
dbb20df3c97724db61e1c42fc9c9c20eb6117c79
-
SHA256
1dd733561cefb8caf102a5a0d39f1282eac8d430deb0a4c9d904abbef3ca672c
-
SHA512
f4815960b92122e7ac38687ea30685cfc8dd79a9f243c9a3384a72c8780731b8329721c830ff05787fb6144916ac3088d1378acac1b20847363409fb3790fb68
-
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
-
Executes dropped EXE
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-