General
Target: 9ca474dfa5f9f967f313b8eedc8c21f1
Size: 1.3MB
Sample: 220721-vjxr6ahcfq
MD5: 9ca474dfa5f9f967f313b8eedc8c21f1
SHA1: fe34d8e8f8135b751bec2f050be08befc0d86a9e
SHA256: fb636076a52142a4d28dc7dd07f4163a38a8ff6f3e205ed60c25317882b307e3
SHA512: e4bb11ce018a608a4f163249fb253ce8f504a6dbaf064652e997d64f49b02d2a8c97dc7ff479fa40a3f5c147a198916c69bb46e56f9eec09b52ea4ae98a2f14b
Static task: static1
Behavioral task: behavioral1
  Sample: 9ca474dfa5f9f967f313b8eedc8c21f1.exe
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: 9ca474dfa5f9f967f313b8eedc8c21f1.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted
bitrat
1.38
ejuejehth.con-ip.com:1880
communication_password: 202cb962ac59075b964b07152d234b70
tor_process: tor
Targets
Target: 9ca474dfa5f9f967f313b8eedc8c21f1
Size: 1.3MB
MD5: 9ca474dfa5f9f967f313b8eedc8c21f1
SHA1: fe34d8e8f8135b751bec2f050be08befc0d86a9e
SHA256: fb636076a52142a4d28dc7dd07f4163a38a8ff6f3e205ed60c25317882b307e3
SHA512: e4bb11ce018a608a4f163249fb253ce8f504a6dbaf064652e997d64f49b02d2a8c97dc7ff479fa40a3f5c147a198916c69bb46e56f9eec09b52ea4ae98a2f14b
Score: 10/10
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext