General
-
Target
newbithere20054rfds.zip
-
Size
1.8MB
-
Sample
220902-e6pr3aadh6
-
MD5
fc484f972cfe5b6bf4d8c761acffeaa8
-
SHA1
27d8058b9689764e44fadd276792c636bd95750e
-
SHA256
b2ef8465be0b7cc5eae1a91a794efd72e8cc6e45574ae05b226e81d1c1b0faa6
-
SHA512
7a40c095cbe9a10cd635c9e53f74af3fe03fc9b47b80e82ad1269f2d5c890192dff5c6e2d74211bb2cd5c7e3421eba96b79eb1c78930e9a9115ac29cc1240ddb
-
SSDEEP
24576:gD9cULKm63g8oWRwkqHQsH5mRN6wMG3ttsD2PeMA9IbzGLAQLaAsuDyAkXLwq6Cn:gfKHhCRjQNgDye6RQW8D7hCIIW+/UpFk
Malware Config
Extracted
bitrat
1.38
newbithere.duckdns.org:2005
-
communication_password
827ccb0eea8a706c4c34a16891f84e7b
-
tor_process
tor
Targets
-
-
Target
newbithere20054rfds.exe
-
Size
300.0MB
-
MD5
9edb373bba31ed74e5635c8ba1ccbc24
-
SHA1
7826110d94ad641b3cbed3eaa1c4e1ab5e329e26
-
SHA256
cd39b649045c4556c08be586b301d1dc8536e63d14888a4e6a55636776a8e235
-
SHA512
90c56b8545767b8b3b3292ebc71d4683b6ff0c2e0fc1135159357707bfb462878c8044eced0f6138e7771d3db3c6e8a1b363d7663fd3e5e50f46254f22ee54e4
-
SSDEEP
24576:KQWUrKeG3ggoqRwkqbQsH50RPoE+G3ttsP2V4MM9obzQLAmLGAs4DyAunLw+6aI9:K2KtBCR3qP+JeO+/m6yDL9aITLUp
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-