General
-
Target
494ac754c467b6a3b3fc99a0d6c015b5.exe
-
Size
5.1MB
-
Sample
221006-z7bbaabafm
-
MD5
494ac754c467b6a3b3fc99a0d6c015b5
-
SHA1
a441b8fb0463c09dd2fede4427280a47bab7ce64
-
SHA256
4de2cc756df96a38b545b8ca2d3961878b08fe4439c102c339c2fc16596c5423
-
SHA512
5bf91836bf410bdd654dceb53bd7011b3211620606096a0bea0c89c96ea2195f7bd8c98a1b83b35a984e75a90059e59eb8493c2cc75ee99370d1c1bb1b62191b
-
SSDEEP
24576:h1kp8QPf2T4+eDjwnEPI+rfb0jq38SkUYvSmbMKVaUBXehOEAhqzuq5mbjNnYQbQ:LM1O7n7u69cZ4Sxc0+T5XY
Static task
static1
Behavioral task
behavioral1
Sample
494ac754c467b6a3b3fc99a0d6c015b5.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
494ac754c467b6a3b3fc99a0d6c015b5.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
bitrat
1.38
bendicion777.con-ip.com:7777
-
communication_password
202cb962ac59075b964b07152d234b70
-
tor_process
tor
Targets
Target
494ac754c467b6a3b3fc99a0d6c015b5.exe
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-