General
-
Target
CYFXHBF.html
-
Size
1.4MB
-
Sample
220928-z4z58sabhm
-
MD5
cd8b3a29d0d7ef90d4110e5db4f1ab31
-
SHA1
24a001db4ba57bc94daf903299536a9ce0263bad
-
SHA256
6d84e678810bd95fca73f9ca132b8f8748da8440a45a33bd8923ffe10d26eadb
-
SHA512
87a0a7e26a64d27d56343bb033707b9936e2330b043da9ba8914c5e2f9945047c322cdcc181ba55144e802f69f328abaa9ef612acd0cecb5154d2c92c98c4a1d
-
SSDEEP
24576:7ndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkzxcy9uuk2Nvv:zXDFBU2iIBb0xY/6sUYYk9nhxv
Malware Config
Extracted
bitrat
1.38
storage.nsupdate.info:8973
-
communication_password
bf771c9d082071fe80b18bb678220682
-
tor_process
tor
Targets
-
-
Target
CYFXHBF.html
-
Size
1.4MB
-
MD5
cd8b3a29d0d7ef90d4110e5db4f1ab31
-
SHA1
24a001db4ba57bc94daf903299536a9ce0263bad
-
SHA256
6d84e678810bd95fca73f9ca132b8f8748da8440a45a33bd8923ffe10d26eadb
-
SHA512
87a0a7e26a64d27d56343bb033707b9936e2330b043da9ba8914c5e2f9945047c322cdcc181ba55144e802f69f328abaa9ef612acd0cecb5154d2c92c98c4a1d
-
SSDEEP
24576:7ndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkzxcy9uuk2Nvv:zXDFBU2iIBb0xY/6sUYYk9nhxv
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
out.upx
-
Size
3.8MB
-
MD5
c6baffc3f78783d0f39aa362a1f549f5
-
SHA1
c904fe72f4cfb42c12ac2869c385a66061023feb
-
SHA256
8a3e46e4ed2c6740243393f8b94efabc1e183ef4be2079559a63c67b94aa6463
-
SHA512
f21ac5a55cb297656c4ef75dd63fdda3de30c9074bb3b7a5afb0de8a62217104f49e7c8b7295c24df7899932e5f3d598ab59319a3bf2886a941f86c39ea6e2fe
-
SSDEEP
98304:m77Pmq33rE/JDLPWZADUGer7B6iY74M/jmlwXVZ:Y+R/eZADUXR
Score3/10 -