General
-
Target
d76d0c80f55b69dc7c4622a3166d4b7a170c28e939bc052e11fcbdb056ef1239
-
Size
1.9MB
-
Sample
221022-he8bwabddq
-
MD5
ddc3e1356b7807146d75a4eee20f96dd
-
SHA1
7499a3593d4308a2208c01e766fddbf93954c61e
-
SHA256
d76d0c80f55b69dc7c4622a3166d4b7a170c28e939bc052e11fcbdb056ef1239
-
SHA512
250e6b7816d000a40bb272a274490325a59a87dce55b9705b65ef4e9f7c81344b93a4c2bf5125f23928f81c36231645197efcaa266c79dc07e2cf44fbf996663
-
SSDEEP
49152:GzSJh0i1ZvjqB0LNlFRx9BWcWIqEBddvw:GgjvjqQR5WcWIqab
Malware Config
Extracted
bitrat
1.38
gh9st.mywire.org:5005
-
communication_password
803355ca422bf9b37bc523a750e21842
-
install_dir
svcsvc
-
install_file
svcsvc.exe
-
tor_process
tor
Targets
-
-
Target
d76d0c80f55b69dc7c4622a3166d4b7a170c28e939bc052e11fcbdb056ef1239
-
Size
1.9MB
-
MD5
ddc3e1356b7807146d75a4eee20f96dd
-
SHA1
7499a3593d4308a2208c01e766fddbf93954c61e
-
SHA256
d76d0c80f55b69dc7c4622a3166d4b7a170c28e939bc052e11fcbdb056ef1239
-
SHA512
250e6b7816d000a40bb272a274490325a59a87dce55b9705b65ef4e9f7c81344b93a4c2bf5125f23928f81c36231645197efcaa266c79dc07e2cf44fbf996663
-
SSDEEP
49152:GzSJh0i1ZvjqB0LNlFRx9BWcWIqEBddvw:GgjvjqQR5WcWIqab
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-