General
-
Target
Acción de Tutela Rdo. 2022-69184655-615-18963-00.exe
-
Size
3.9MB
-
Sample
220823-pjqe7ahec7
-
MD5
0fc57104c568a9db8d5e8f9d1dd3ffff
-
SHA1
b476f5514963b5eb2f090b40b244c97ab177bf17
-
SHA256
f91e319faf091aa42dcdcb03a069be16ffbbfb243631bf93297ac2c22478ec1c
-
SHA512
d893e847cb5d7d8f87f89bc719749840d2cf5986147d8a16b49b990c72d3857ccea5e2c591cfaf3cb0e281d7d8ae349bfba206a9df91bd1e01244e94f470dc99
-
SSDEEP
98304:+NaAP+f46ND7dcqiQ7OgxZRUffNYDLMoTzI7gr:EaAP1qDxzi0OoZRUf1Ykowg
Malware Config
Extracted
bitrat
1.38
markemoney.con-ip.com:3005
-
communication_password
202cb962ac59075b964b07152d234b70
-
tor_process
tor
Targets
-
-
Target
Acción de Tutela Rdo. 2022-69184655-615-18963-00.exe
-
Size
3.9MB
-
MD5
0fc57104c568a9db8d5e8f9d1dd3ffff
-
SHA1
b476f5514963b5eb2f090b40b244c97ab177bf17
-
SHA256
f91e319faf091aa42dcdcb03a069be16ffbbfb243631bf93297ac2c22478ec1c
-
SHA512
d893e847cb5d7d8f87f89bc719749840d2cf5986147d8a16b49b990c72d3857ccea5e2c591cfaf3cb0e281d7d8ae349bfba206a9df91bd1e01244e94f470dc99
-
SSDEEP
98304:+NaAP+f46ND7dcqiQ7OgxZRUffNYDLMoTzI7gr:EaAP1qDxzi0OoZRUf1Ykowg
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-