General
Target: order invoice.exe
Size: 2.0MB
Sample: 220719-lkxn4sbhhm
MD5: e7bab8f16adf2f5ba2f2247ce37bf8d7
SHA1: c4b0b7894e1110fc6dc4f0d1a591a3acdab22bfb
SHA256: 0b38682544ecd94b8ce910e22593dd8a4671f38aa52a53aa314af9fd24a65d19
SHA512: 356460ea6737f08201de548853b302f0825f60b9783d26778e6458b12d05011b55b305604594de0066b6640d6aabb713a138455b4fca4c2454be2838145708b4
Static task: static1
Behavioral task: behavioral1
Sample: order invoice.exe
Resource (analysis VM image): win7-20220718-en
Malware Config
Extracted: bitrat
Version: 1.38
C2: 103.133.105.50:1234
communication_password: e10adc3949ba59abbe56e057f20f883e (a 32-hex-digit MD5 digest; it is the MD5 of the string "123456", so the operator's client password is trivially weak)
tor_process: tor
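The config above gives an analyst two things to act on: a C2 endpoint to turn into network IOCs and a password hash to test. The following Python is an added example (not the sandbox's own code) that walks a small, constructed wordlist against the communication_password digest, validates and splits the C2 entry, flattens config and file hashes into (type, value) IOC pairs, and verifies a file's digests against the page's values. The wordlist, the `WORDLIST`/`build_iocs`/`parse_c2` names, and the IOC type labels are assumptions of the example.

```python
import hashlib
import ipaddress

# Values as listed on the page: BitRAT 1.38 config and the sample's hashes.
EXTRACTED_CONFIG = {
    "family": "bitrat",
    "version": "1.38",
    "c2": "103.133.105.50:1234",
    "communication_password": "e10adc3949ba59abbe56e057f20f883e",
    "tor_process": "tor",
}
FILE_HASHES = {
    "md5": "e7bab8f16adf2f5ba2f2247ce37bf8d7",
    "sha1": "c4b0b7894e1110fc6dc4f0d1a591a3acdab22bfb",
    "sha256": "0b38682544ecd94b8ce910e22593dd8a4671f38aa52a53aa314af9fd24a65d19",
}

# Constructed wordlist for the demonstration (assumption); a real check would
# use a full common-password list.
WORDLIST = ["password", "admin", "qwerty", "123456", "bitrat", "letmein"]


def recover_password(md5_hex, wordlist=WORDLIST):
    """Return the wordlist entry whose MD5 equals md5_hex, or None.

    The extracted value is an unsalted MD5 hex digest, so a dictionary walk
    recovers the plaintext whenever the operator chose a common password.
    """
    target = md5_hex.strip().lower()
    for candidate in wordlist:
        if hashlib.md5(candidate.encode("utf-8")).hexdigest() == target:
            return candidate
    return None


def parse_c2(c2):
    """Split 'ip:port' into (ip, port), validating both parts."""
    host, sep, port_text = c2.rpartition(":")
    if not sep:
        raise ValueError("C2 entry has no port: %r" % c2)
    ip = ipaddress.ip_address(host)  # ValueError if host is not an IP literal
    port = int(port_text)
    if not 0 < port < 65536:
        raise ValueError("port out of range: %d" % port)
    return str(ip), port


def build_iocs(config, hashes):
    """Flatten the C2 endpoint and file hashes into (type, value) IOC pairs."""
    ip, port = parse_c2(config["c2"])
    iocs = [("ipv4", ip), ("port", str(port))]
    iocs.extend((name, value.lower()) for name, value in sorted(hashes.items()))
    return iocs


def file_hashes_match(data, expected):
    """True if every digest named in `expected` matches the digest of `data`."""
    return all(
        hashlib.new(name, data).hexdigest() == value.lower()
        for name, value in expected.items()
    )


if __name__ == "__main__":
    password = recover_password(EXTRACTED_CONFIG["communication_password"])
    print("communication_password plaintext:", password)
    for ioc_type, value in build_iocs(EXTRACTED_CONFIG, FILE_HASHES):
        print("%-6s %s" % (ioc_type, value))
```

`file_hashes_match` is the check to run on a file pulled from a suspect host before treating it as this sample; a single mismatching digest means it is a different build and the config above should not be assumed to apply.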
Targets
- Target: order invoice.exe
  Size: 2.0MB
  MD5: e7bab8f16adf2f5ba2f2247ce37bf8d7
  SHA1: c4b0b7894e1110fc6dc4f0d1a591a3acdab22bfb
  SHA256: 0b38682544ecd94b8ce910e22593dd8a4671f38aa52a53aa314af9fd24a65d19
  SHA512: 356460ea6737f08201de548853b302f0825f60b9783d26778e6458b12d05011b55b305604594de0066b6640d6aabb713a138455b4fca4c2454be2838145708b4
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- ACProtect 1.3x - 1.4x DLL software: the file is packed with ACProtect, a commercial protector.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Suspicious use of NtSetInformationThreadHideFromDebugger: the ThreadHideFromDebugger information class is an anti-debugging trick that stops a debugger from receiving events for the calling thread.
- Suspicious use of SetThreadContext: rewriting another thread's context is commonly seen when injecting into a suspended process (process hollowing).
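The Suricata hit on the BitRAT TLS certificate and the C2 endpoint from the config can be turned into a simple triage pass over sensor logs. The following Python is an added example (not part of the sandbox report) that reads Suricata EVE JSON lines, flags events whose destination is the extracted C2 ip:port or whose alert carries the signature named above, and lists the source hosts involved. The EVE lines are constructed for the example, with made-up internal hosts, timestamps and a placeholder benign signature; only the field names follow Suricata's eve.json schema. The rule's SID is not on the page, so the match is on the signature name.

```python
import json

# C2 endpoint from the extracted config and the Suricata signature name
# listed on the page.
C2_IP = "103.133.105.50"
C2_PORT = 1234
BITRAT_SIGNATURE = "ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)"

# Constructed EVE JSON lines (assumption: not output of the sandbox run).
# Hosts, ports and timestamps are made up; one line is deliberately not JSON
# to show that malformed records are skipped rather than aborting the pass.
SAMPLE_EVE = """\
{"timestamp": "2022-07-19T11:02:03.000000+0000", "event_type": "alert", "src_ip": "10.0.0.5", "src_port": 49215, "dest_ip": "103.133.105.50", "dest_port": 1234, "proto": "TCP", "alert": {"signature": "ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)", "category": "A Network Trojan was detected", "severity": 1}}
{"timestamp": "2022-07-19T11:02:05.000000+0000", "event_type": "flow", "src_ip": "10.0.0.5", "src_port": 49216, "dest_ip": "93.184.216.34", "dest_port": 443, "proto": "TCP"}
{"timestamp": "2022-07-19T11:03:10.000000+0000", "event_type": "alert", "src_ip": "10.0.0.7", "src_port": 50001, "dest_ip": "198.51.100.9", "dest_port": 443, "proto": "TCP", "alert": {"signature": "ET INFO constructed benign placeholder", "category": "Misc activity", "severity": 3}}
this line is not JSON and must be skipped
{"timestamp": "2022-07-19T11:04:00.000000+0000", "event_type": "flow", "src_ip": "10.0.0.9", "src_port": 50100, "dest_ip": "103.133.105.50", "dest_port": 1234, "proto": "TCP"}
"""


def parse_eve(text):
    """Parse newline-delimited EVE JSON, skipping blank and malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def match_reasons(event):
    """Return the list of reasons this event is tied to the BitRAT sample."""
    reasons = []
    # dest_port is an integer in EVE output, so compare as int, not str.
    if event.get("dest_ip") == C2_IP and event.get("dest_port") == C2_PORT:
        reasons.append("c2_endpoint")
    alert = event.get("alert") or {}
    if alert.get("signature") == BITRAT_SIGNATURE:
        reasons.append("bitrat_tls_cert")
    return reasons


def find_hits(events):
    """(timestamp, src_ip, reasons) for every event with at least one reason."""
    hits = []
    for ev in events:
        reasons = match_reasons(ev)
        if reasons:
            hits.append((ev.get("timestamp"), ev.get("src_ip"), reasons))
    return hits


def suspected_hosts(events):
    """Sorted, de-duplicated list of source hosts that talked to the C2."""
    return sorted({src for _, src, _ in find_hits(events)})


if __name__ == "__main__":
    events = parse_eve(SAMPLE_EVE)
    for ts, src, reasons in find_hits(events):
        print(ts, src, ",".join(reasons))
    print("hosts to triage:", suspected_hosts(events))
```

The certificate-based signature is the stronger of the two matches: the operator can move the C2 to a new address and port far more easily than change the implant's TLS certificate, so an ip:port hit alone (the last constructed line) is worth a look but should be confirmed against the file hashes above before a host is declared infected.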