General
-
Target
707ce4ec41a0a919739998e1260e50eb8eca2808ee69df64b07a5e985d1068ad
-
Size
1.4MB
-
Sample
220802-v4g77saegm
-
MD5
44e041dc2e445fcd33cc89b8453d0539
-
SHA1
99faf5ac243f30d7041e7018f41490023b552f60
-
SHA256
707ce4ec41a0a919739998e1260e50eb8eca2808ee69df64b07a5e985d1068ad
-
SHA512
893019fd4b969250464a551bdeb0fc050da5bc82f1680b5ef116e8cc43b2e0b4088ec351f91d0d4b379ffd61fb32a02a34ea11fb94ca35fc4ed064dda021bf18
Malware Config
Extracted
bitrat
1.38
trotox.duckdns.org:55441
-
communication_password
4b49ee1f55b1900518dfb23fd2d7c702
-
tor_process
tor
Targets
-
-
Target
707ce4ec41a0a919739998e1260e50eb8eca2808ee69df64b07a5e985d1068ad
-
Size
1.4MB
-
MD5
44e041dc2e445fcd33cc89b8453d0539
-
SHA1
99faf5ac243f30d7041e7018f41490023b552f60
-
SHA256
707ce4ec41a0a919739998e1260e50eb8eca2808ee69df64b07a5e985d1068ad
-
SHA512
893019fd4b969250464a551bdeb0fc050da5bc82f1680b5ef116e8cc43b2e0b4088ec351f91d0d4b379ffd61fb32a02a34ea11fb94ca35fc4ed064dda021bf18
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-