General
-
Target
SPALOKSIUJAHYDRS.rar
-
Size
1.5MB
-
Sample
220812-1xnz3aabhj
-
MD5
e2cd056c400ea638a111c7a4ab7fabab
-
SHA1
596951edaa137ce462e7b5454aa64960d1fe4bbc
-
SHA256
4af0df4c6e52c90d6bdca52fed0a6b0b91f1f1c8a1ea03423c21b561a0d7e1fb
-
SHA512
ee35de1e0cc66d895284026708aeabe18c4f1eac9380a4cb6282306697de268d2515753fbfd349cbd0107d415222572327293b95f271eb7c0aba3dd7d4345de5
Malware Config
Extracted
bitrat
1.38
bitrat9300.duckdns.org:9300
-
communication_password
e10adc3949ba59abbe56e057f20f883e
-
tor_process
tor
Targets
-
-
Target
SPALOKSIUJAHYDRS.exe
-
Size
300.0MB
-
MD5
3d5164f658be6404df30aafb7e35bcfb
-
SHA1
2505d715093103eda2cff86f8328e32b75462242
-
SHA256
d8556549bce64ee0047c08b7326b609a8a406981749575320b89ef47cc9678f4
-
SHA512
f5e1ae28040781c05ebbdd37ee4f340c0b7bf27f4c97006fc9a150bdc7e1905081c9e416bf915da33377a22e6eb54b416b0cc6fa1af14212ca558db11cea9cc9
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Uses the VBS compiler for execution
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-