General
-
Target
Interac-e-Transfer-Receipt.zip
-
Size
1.8MB
-
Sample
220809-trbdfscfgr
-
MD5
cbe1b81389e7564f8230fe3edeb45d6a
-
SHA1
87404a9ccbb6db1521d5be15d80b8229db2a3663
-
SHA256
df9752355297575b5c2175a1bdc6cd63fe26b6c6041282725fbb86db331411ed
-
SHA512
b3dd06c8f7294e1392c3b0f40ab6597487b0dfdcc608a7164bea0ded087691d872d782f08623b18bd4e055c4738f5171afa092f70649c8c4919f6ad6b8a439f2
Malware Config
Extracted
bitrat
1.38
bitrat9300.duckdns.org:9300
-
communication_password
e10adc3949ba59abbe56e057f20f883e
-
tor_process
tor
Targets
-
-
Target
Interac-e-Transfer-Receipt.exe
-
Size
300.0MB
-
MD5
8dac8b61bf8c23264873a3f3bee260f5
-
SHA1
ba581c38574794324ea714a48671fad7f2384dbe
-
SHA256
7e4a1f93d53d3962a913e000524344bdcccd6d36d0856b3df38df57d4a8e1df3
-
SHA512
65ef0b281583e1f8303ff470dc134d8d35ccc394521fd93294cd251220af501137b17d39af91829efe0191e395c2494e1652565895647bf04a46b56fe0eae163
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-