General
-
Target
Comprob. DEPOSITO EN EFECTIVO cancelacion de FA-927347295424.exe
-
Size
3.2MB
-
Sample
220915-vahlwadfd8
-
MD5
bc350e8ec68185dca18aca4c6d774f4b
-
SHA1
2a7e884eae9a14f2583e41ce3fe4f0e32d47e0bc
-
SHA256
351237effe536fd82440d7925eff69ab1d779f226f877c7b2c592b0b0480f5ee
-
SHA512
ca7d322987d0680b2b2af844e57f368aa7dabbe2b2787a75d4965c50589521722d1ade561c0bdd20ed8fe812a309eb19967c5385e54109557f55e2dd085c2677
-
SSDEEP
98304:3lCI7fHrtFkwdYX4kBmyK/4FPQYbIQ3J5Wp:3ltLMwWnp24FP7f
Malware Config
Extracted
bitrat
1.38
pedroleonta822.con-ip.com:5020
-
communication_password
202cb962ac59075b964b07152d234b70
-
tor_process
tor
Targets
-
-
Target
Comprob. DEPOSITO EN EFECTIVO cancelacion de FA-927347295424.exe
-
Size
3.2MB
-
MD5
bc350e8ec68185dca18aca4c6d774f4b
-
SHA1
2a7e884eae9a14f2583e41ce3fe4f0e32d47e0bc
-
SHA256
351237effe536fd82440d7925eff69ab1d779f226f877c7b2c592b0b0480f5ee
-
SHA512
ca7d322987d0680b2b2af844e57f368aa7dabbe2b2787a75d4965c50589521722d1ade561c0bdd20ed8fe812a309eb19967c5385e54109557f55e2dd085c2677
-
SSDEEP
98304:3lCI7fHrtFkwdYX4kBmyK/4FPQYbIQ3J5Wp:3ltLMwWnp24FP7f
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-