General
-
Target
DOCUMENTO DE SOPORTE PAG A PROVEE, INSCRITOS 24-08.exe
-
Size
4.6MB
-
Sample
220825-jfbjzaaee8
-
MD5
62c1c4af9368544cd26895caba9fdc3a
-
SHA1
32698f2851f078e380ac4cc4d162916ba07ee8fd
-
SHA256
7882eeab3aa04b0e581e6bb2ff00ad16165d5cb2b0585953433428d20761361d
-
SHA512
db26d813599c658503803a9e206b6fd99690773ef692ce954cfdfaf598a5cfb5c691ca6a2c66c2b9b7d8dbcd7d776c1810e2cdb51a94e574347ba31c5fc4aaff
-
SSDEEP
98304:UJDl2T1JcZoWRH6pOaIjzPsRLqGSmd7lrYXznvMB3nU0XTL3xzpi0vOEM:UJDYTEEp06GGSmdOXznUBvfi0f
Malware Config
Extracted
bitrat
1.38
carlaangaritape1.con-ip.com:5020
-
communication_password
202cb962ac59075b964b07152d234b70
-
tor_process
tor
Targets
-
-
Target
DOCUMENTO DE SOPORTE PAG A PROVEE, INSCRITOS 24-08.exe
-
Size
4.6MB
-
MD5
62c1c4af9368544cd26895caba9fdc3a
-
SHA1
32698f2851f078e380ac4cc4d162916ba07ee8fd
-
SHA256
7882eeab3aa04b0e581e6bb2ff00ad16165d5cb2b0585953433428d20761361d
-
SHA512
db26d813599c658503803a9e206b6fd99690773ef692ce954cfdfaf598a5cfb5c691ca6a2c66c2b9b7d8dbcd7d776c1810e2cdb51a94e574347ba31c5fc4aaff
-
SSDEEP
98304:UJDl2T1JcZoWRH6pOaIjzPsRLqGSmd7lrYXznvMB3nU0XTL3xzpi0vOEM:UJDYTEEp06GGSmdOXznUBvfi0f
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-