General
Target: 1e01768f0a3e21c651b9912b7a1ffec3
Size: 1.3MB
Sample: 220721-yrw3dahha3
MD5: 1e01768f0a3e21c651b9912b7a1ffec3
SHA1: a685a29f95387428ce598fca8453b391ab8f2865
SHA256: 6c86e7498865533229e0d51d8d0cf928e9bf129958e18ffe73b97410ca0589a8
SHA512: 0606e6c8023cf21156fc9b72458d5b953454099c864e147136fb73e08d6bd4a7d81b3fc0f1f9caa82b9262f1503e3b2d7345e81974a52fd1f6413f8f4c64ca0b
Static task: static1
Behavioral task: behavioral1
  Sample: 1e01768f0a3e21c651b9912b7a1ffec3.exe
  Resource: win7-20220715-en
Behavioral task: behavioral2
  Sample: 1e01768f0a3e21c651b9912b7a1ffec3.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted
Family: bitrat
Version: 1.38
C2: markemoney.con-ip.com:3005
communication_password: 202cb962ac59075b964b07152d234b70 (a 32-hex-character MD5 digest; it is the MD5 of the string "123")
tor_process: tor
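As an added example (not part of the sandbox report or of any BitRAT tooling), the following Python helper turns the extracted config fields above into hunt-ready IOCs: it parses the key/value lines, splits the C2 endpoint into host and port, and checks whether the communication_password digest is the MD5 of a weak password. The config text is a constructed transcription of the values shown above and the wordlist is a tiny constructed one; the only claim the code relies on is that the digest shown matches md5("123").

```python
import hashlib
from typing import Dict, Iterable, Optional, Tuple

# Constructed transcription of the config fields shown in the report above.
# It is example input for this script, not data read from the sample at runtime.
BITRAT_CONFIG_TEXT = """\
family: bitrat
version: 1.38
c2: markemoney.con-ip.com:3005
communication_password: 202cb962ac59075b964b07152d234b70
tor_process: tor
"""

# Constructed mini wordlist; a real hunt would use a proper password list.
DEFAULT_CANDIDATES = ("", "123", "1234", "12345", "password", "admin", "bitrat")


def parse_config(text: str) -> Dict[str, str]:
    """Turn 'key: value' lines into a dict, ignoring blank or malformed lines."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def split_c2(c2: str) -> Tuple[str, int]:
    """Split 'host:port' on the last colon so an IPv6 literal is not mangled."""
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"malformed C2 endpoint: {c2!r}")
    return host.strip("[]"), int(port)


def recover_password(md5_hex: str, candidates: Iterable[str]) -> Optional[str]:
    """Return the candidate whose MD5 equals the stored digest, or None if no hit."""
    target = md5_hex.strip().lower()
    if len(target) != 32:
        raise ValueError("communication_password is not a 32-hex-char MD5 digest")
    for cand in candidates:
        if hashlib.md5(cand.encode("utf-8")).hexdigest() == target:
            return cand
    return None


def iocs_from_config(text: str,
                     candidates: Iterable[str] = DEFAULT_CANDIDATES) -> Dict[str, object]:
    """Build a flat IOC record from the raw config text."""
    cfg = parse_config(text)
    host, port = split_c2(cfg["c2"])
    digest = cfg["communication_password"]
    return {
        "family": cfg.get("family"),
        "version": cfg.get("version"),
        "c2_host": host,
        "c2_port": port,
        "password_md5": digest,
        "password_plain": recover_password(digest, candidates),  # None when not in the list
        "tor_process": cfg.get("tor_process"),
    }


if __name__ == "__main__":
    for key, value in iocs_from_config(BITRAT_CONFIG_TEXT).items():
        print(f"{key:15} {value}")
```

The host/port pair feeds directly into DNS and proxy log searches; the recovered plaintext is useful when building a decoder or an emulated client for the C2 protocol, and a None result simply means the operator used something outside the wordlist.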
Targets
Target: 1e01768f0a3e21c651b9912b7a1ffec3
Size: 1.3MB
MD5: 1e01768f0a3e21c651b9912b7a1ffec3
SHA1: a685a29f95387428ce598fca8453b391ab8f2865
SHA256: 6c86e7498865533229e0d51d8d0cf928e9bf129958e18ffe73b97410ca0589a8
SHA512: 0606e6c8023cf21156fc9b72458d5b953454099c864e147136fb73e08d6bd4a7d81b3fc0f1f9caa82b9262f1503e3b2d7345e81974a52fd1f6413f8f4c64ca0b
Signatures
suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
Checks computer location settings
Looks up the country code configured in the registry, which is likely a geofence check before the payload runs.
Adds Run key to start application
Writes a value under a CurrentVersion\Run registry key so the application is launched at logon (persistence).
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger class hides the thread from an attached debugger; this is a common anti-analysis technique.
Suspicious use of SetThreadContext
Rewriting another thread's context is characteristic of process hollowing and similar injection techniques, where execution is redirected into attacker-controlled code.
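To show what two of the behavioral signatures above (the Run key persistence and the large number of network flows) look like as host-side detection logic, here is an added Python example that is not part of the sandbox report. It runs over constructed Sysmon-style events (Event ID 13 registry value set, Event ID 3 network connection; field names follow Sysmon, but every path, SID, IP and value is invented for the example) and returns the Run key writes and the processes that contacted an unusually large number of distinct endpoints.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed image path for the sample; the directory and user name are invented.
SAMPLE_IMAGE = r"C:\Users\victim\AppData\Local\Temp\1e01768f0a3e21c651b9912b7a1ffec3.exe"
EXPLORER = r"C:\Windows\explorer.exe"


def _registry_set(image: str, target: str, details: str) -> Dict[str, object]:
    """Constructed Sysmon Event ID 13 (RegistryEvent: value set)."""
    return {"EventID": 13, "Image": image, "TargetObject": target, "Details": details}


def _network(image: str, ip: str, port: int) -> Dict[str, object]:
    """Constructed Sysmon Event ID 3 (NetworkConnect)."""
    return {"EventID": 3, "Image": image, "DestinationIp": ip, "DestinationPort": port}


# Constructed event stream: one Run key write by the sample, one benign registry
# write by explorer.exe, 30 distinct destinations from the sample, 2 from explorer.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    _registry_set(SAMPLE_IMAGE,
                  r"HKU\S-1-5-21-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
                  r"C:\Users\victim\AppData\Roaming\svc\host.exe"),
    _registry_set(EXPLORER,
                  r"HKU\S-1-5-21-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
                  "DWORD (0x00000001)"),
]
SAMPLE_EVENTS += [_network(SAMPLE_IMAGE, f"10.0.0.{i}", 445) for i in range(1, 31)]
SAMPLE_EVENTS += [_network(EXPLORER, "10.0.0.5", 445), _network(EXPLORER, "10.0.0.6", 445)]

# Autostart locations that the "Adds Run key" signature is about (compared case-insensitively).
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def run_key_persistence(events: List[Dict[str, object]]) -> List[Tuple[str, str, str]]:
    """Return (image, target_object, details) for every value written under a Run key."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        target = str(ev.get("TargetObject", "")).lower()
        if any(marker in target for marker in RUN_KEY_MARKERS):
            hits.append((str(ev["Image"]), str(ev["TargetObject"]), str(ev["Details"])))
    return hits


def noisy_network_processes(events: List[Dict[str, object]],
                            threshold: int = 20) -> Dict[str, int]:
    """Map image -> number of distinct (ip, port) endpoints for images at or above threshold."""
    dests: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
    for ev in events:
        if ev.get("EventID") == 3:
            dests[str(ev["Image"])].add((str(ev["DestinationIp"]), int(ev["DestinationPort"])))
    return {image: len(eps) for image, eps in dests.items() if len(eps) >= threshold}


if __name__ == "__main__":
    for image, key, value in run_key_persistence(SAMPLE_EVENTS):
        print(f"[persistence] {image} wrote {key} = {value}")
    for image, count in noisy_network_processes(SAMPLE_EVENTS).items():
        print(f"[scan-like]   {image} reached {count} distinct endpoints")
```

Counting distinct endpoints rather than raw connection events is what separates a scanner-like fan-out from a chatty but legitimate process that reconnects to the same server; the threshold of 20 is an arbitrary example value and should be tuned against baseline telemetry.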