General
-
Target
0ab680b04e395b374a9a2fddeaf2ce03-sample.zip
-
Size
1.5MB
-
Sample
220913-rvb32sbfbp
-
MD5
11ed2aca52bbcc817b3d68b2c1516f74
-
SHA1
659c623639e020680ee7ea5b8155d6b4ac83578b
-
SHA256
954040312a1428eb46018d927bd9f453c6df97e3f1509cf23d89a10662ef3d2e
-
SHA512
22e6c55b8d99549f706b926619c654d14132fd72fb9f22886822ba0b881c756e38399cfce58acbbb0027e98a23f7ba7f5dafb3f23208fb8a875c337d905334a0
-
SSDEEP
24576:MCD8PcXx751cnIRj+Y+dPXgCtIeqD0HKwlpO/FvF3JowHhk4DfQY+IG:MCDa+V7j+Y+doCtIeVHr83awBkcf97G
Malware Config
Extracted
bitrat
1.38
185.174.40.147:5200
-
communication_password
e10adc3949ba59abbe56e057f20f883e
-
tor_process
tor
Targets
-
-
Target
xcfgsfaa.exe
-
Size
1.5MB
-
MD5
45fd8c84b44a20b4188de744bdf0a3f8
-
SHA1
37a13e9a7d5af87b82e55630fe78a8e12059dad5
-
SHA256
59f62f44fbd11163cb3eeb68f2b4606130dd8a01f569624ee4e4c50691c94391
-
SHA512
70e3fb0696ad94a98bef78b3fb5d8267596032eb5345b160a0820977e5a8988a382da01ff1b4eb140ac9e319f2dcf0ca7978bbb61b78880c9de5741a49fcddcf
-
SSDEEP
24576:Q4z87j9s0ML+6lvQ0QGTr8ZtkYa5yVke+MomAstHC7w3H79RBWKP:QvfWbLd7Y75+MomAstHC7wr5W
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Uses the VBS compiler for execution
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-