General
-
Target
ACTA DE FALLO RADICACIÓN No. 99976-001-040-088-1806-2022-001892-00..exe
-
Size
4.3MB
-
Sample
220830-hj2d5adcbq
-
MD5
16493b515288ba1ef0cae7b464c945a9
-
SHA1
3506a29b4ca14868098f80fed9ed951465de03f0
-
SHA256
133fe387ae020daa465cd546ce113de82e09da91c7d0b2e61e138cc66368c659
-
SHA512
7c6d5988453fe279b07dedeec4c0e5d692cd42f2518d3a44fe1dd32b1912a5424924dbfccb513a0eca5097a8322a8e19c2a26dc6ce15727ea3c4e7d7c49f603c
-
SSDEEP
98304:V8Q2xl9HzTMes5tST8RDOTMOV2zHnYtQELiFjg:6/1s5tST8RDOhVSHgi5
Malware Config
Extracted
bitrat
1.38
benditodios.con-ip.com:3005
-
communication_password
202cb962ac59075b964b07152d234b70
-
tor_process
tor
Targets
-
-
Target
ACTA DE FALLO RADICACIÓN No. 99976-001-040-088-1806-2022-001892-00..exe
-
Size
4.3MB
-
MD5
16493b515288ba1ef0cae7b464c945a9
-
SHA1
3506a29b4ca14868098f80fed9ed951465de03f0
-
SHA256
133fe387ae020daa465cd546ce113de82e09da91c7d0b2e61e138cc66368c659
-
SHA512
7c6d5988453fe279b07dedeec4c0e5d692cd42f2518d3a44fe1dd32b1912a5424924dbfccb513a0eca5097a8322a8e19c2a26dc6ce15727ea3c4e7d7c49f603c
-
SSDEEP
98304:V8Q2xl9HzTMes5tST8RDOTMOV2zHnYtQELiFjg:6/1s5tST8RDOhVSHgi5
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-