Overview
Scores by task (out of 10):
overview: 10
static: 10
BitRAT.exe (windows7-x64): 7
BitRAT.exe (windows10-1703-x64): 7
BitRAT.exe (windows10-2004-x64): 7
BitRat_Cra...er.bat (windows7-x64): 1
BitRat_Cra...er.bat (windows10-1703-x64): 4
BitRat_Cra...er.bat (windows10-2004-x64): 10
data/modules/hvnc.exe (windows7-x64): 10
data/modules/hvnc.exe (windows10-1703-x64): 10
data/modules/hvnc.exe (windows10-2004-x64): 10
data/tor/tor.exe (windows7-x64): 10
data/tor/tor.exe (windows10-1703-x64): 10
data/tor/tor.exe (windows10-2004-x64): 10

General
Target: Bit-Full.zip
Size: 24.7MB
Sample: 220911-pclhnabee8
MD5: ad1fffe2735c63a5c46259525b3c42cd
SHA1: 9b2c9d2a15ef837c34aeab2d2d64083ab240e26a
SHA256: ea4cf517d1e1d5caf83092ace633917c52c9ae3ee44cf97407452cdb1299056a
SHA512: 8e88415d06c60a99e68acb5b7a68c1af011027cdcaeb9e7dac2811d19d4cac1fc86508f226d1650f364e937a9b4a1cb450371aa39f13ff62bcd36d7d82bf2a38
SSDEEP: 393216:JqhZbyXjlGTFiCBPaxetltsJ7v67TjsWqehuIl4qtyVagrY4mKpOeBGicwlNwskj:JhXUBtdsJ7yjswpx4LlBblN+

Behavioral tasks (task: sample, resource)
behavioral1: BitRAT.exe, win7-20220812-en
behavioral2: BitRAT.exe, win10-20220812-en
behavioral3: BitRAT.exe, win10v2004-20220901-en
behavioral4: BitRat_Cracked_Launcher.bat, win7-20220812-en
behavioral5: BitRat_Cracked_Launcher.bat, win10-20220812-en
behavioral6: BitRat_Cracked_Launcher.bat, win10v2004-20220812-en
behavioral7: data/modules/hvnc.exe, win7-20220901-en
behavioral8: data/modules/hvnc.exe, win10-20220812-en
behavioral9: data/modules/hvnc.exe, win10v2004-20220812-en
behavioral10: data/tor/tor.exe, win7-20220812-en
behavioral11: data/tor/tor.exe, win10-20220901-en
behavioral12: data/tor/tor.exe, win10v2004-20220812-en

Malware Config
Targets

Target: BitRAT.exe
Size: 13.6MB
MD5: 03c4dc0c56e0c14e49341b31fc68e69b
SHA1: 9de6b2dfc76a99ce18a99f7092a71a00926b61ec
SHA256: 633f7758cc5df2dfc398840dfcf0ee24d3e233135167c805e9dae843cda9b6da
SHA512: a3fcbd1ed7701a1049345cdcecf10b8689d5b80dec76bed156d48b9f3f8ad4e2b55c5f4a6f9512c2ed02f9ff1c992650520ed06045ab1081b5b3817ea9f717bc
SSDEEP: 196608:scVMS3RPqqL3RkDRq60tmZSPGPAPfelOC1/Stltibf:DMXs6cPP2AeKt3i7
Score: 7/10
Loads dropped DLL

Target: BitRat_Cracked_Launcher.bat
Size: 979B
MD5: 73c8759db01e571b42b4dd1675733083
SHA1: 0cd50d811d4289d8b31ef6f5943d61cddda616be
SHA256: 338a380416430dadd08fc399caacd327c674466de7498823097ff176f07f9db3
SHA512: 4d7a36e59797d239b658a0d6d52f852692d3c592fa031b7b08656e2f9c484004f90a4c76ffe2553d664790de0f2122cd2e6220e8be11a7caa999fa7970898746
Score: 10/10
DcRat: DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
Detect Neshta payload
Neshta: Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
Downloads MZ/PE file
Executes dropped EXE

Target: data/modules/hvnc.exe
Size: 87KB
MD5: 801d3b12ee57df968833fa19a6d1c4d9
SHA1: 4a11c7969014f3b4923372e30be1e529e92f5cb4
SHA256: 13c4cdd3a92035405f85c8ed17131d3df24735c5c131747e688112ad59388130
SHA512: 65573f7194196d2f24ad29460019520cc314c2b60adcaf2dddc9ad0a8f29b3683af5575df4803bb3b80705d71e8c1c49f56746dd125254349bad5a38bb647b07
SSDEEP: 1536:9xqjQ+P04wsmJCDErUTbJAAWeT6QK4tkckSu/BOgbxH:wr85CcsAlyNK4tkctu/QgN
Score: 10/10
Detect Neshta payload
Modifies system executable filetype association
Neshta: Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL

Target: data/tor/tor.exe
Size: 3.9MB
MD5: 17f69ab64673319e50482b1ebe245ca5
SHA1: af84935075f81a1906e0f4242abc851d8b9d2e82
SHA256: b635da778e28d1261df0a6390bce9931d193c5caf8859bd1949de287a51e14b4
SHA512: 1d3dd8fc12fdde95785597dfcb8a0ea043fb30c192ca9ed30ec1c2deed7ea2ae0d564b8e8b7e7122f27f704eb55597b6ee1671283fd037e5bd70f0d705cec599
SSDEEP: 98304:lzZ42i53gAUP71HtcjRkVfQIjiEsgYY9l7l:dOaA0HtcjKVfQIbJ
Score: 10/10
Detect Neshta payload
Modifies system executable filetype association
Neshta: Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL