General
- Target: order invoice.rar
- Size: 1.9MB
- Sample: 220719-qznrzacga5
- MD5: 3ec111941b44d413bf1404977dafe6e0
- SHA1: 50238e073027ac9af73cdede2cd5568707df32c5
- SHA256: 1c6f80f36398d41796b8ef8ccb5a871886403634f088afe381559d9d68b4ba42
- SHA512: 929360565f04e64dd47ba35362669d0826b1bfaed99595e730d8c37803548d0f435e09aa2d98a128c91bf63b02f663c6dac00bc984c4f090a6fdfc2a63ad5fe5
Static task: static1

Behavioral task: behavioral1
- Sample: order invoice.exe
- Resource: win7-20220718-en
Malware Config
Extracted
- Family: bitrat
- Version: 1.38
- C2: 103.133.105.50:1234
- communication_password: e10adc3949ba59abbe56e057f20f883e
- tor_process: tor
Targets
- Target: order invoice.exe
- Size: 2.0MB
- MD5: e7bab8f16adf2f5ba2f2247ce37bf8d7
- SHA1: c4b0b7894e1110fc6dc4f0d1a591a3acdab22bfb
- SHA256: 0b38682544ecd94b8ce910e22593dd8a4671f38aa52a53aa314af9fd24a65d19
- SHA512: 356460ea6737f08201de548853b302f0825f60b9783d26778e6458b12d05011b55b305604594de0066b6640d6aabb713a138455b4fca4c2454be2838145708b4
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext