General

Target: 9628afc9116db52960422b598996d19f.exe
Size: 192KB
Sample: 221022-pvlw5sdcep
MD5: 9628afc9116db52960422b598996d19f
SHA1: 6432cc7a73276e9100d5be8de087e4e1fef628be
SHA256: 453fb1c4b3b48361fa8a67dcedf1eaec39449cb5a146a7770c63d1dc0d7562f0
SHA512: 08c57c2678efcdbc3805073e5e3694007cc489f7f9b76984109219d1722f840cb655aae5d170c22f321a8351f42eca0880c9abfd5d1bae8e106488b1efa96f78
SSDEEP: 1536:MYB+R6Hwvj1p3w45pEdhKzocSFeuiS2FIlKXz0PEziNQKjod:VBvwvj1Zw4ghKzocSFeuiS2FIIAwKod
Static task: static1

Behavioral task: behavioral1
Sample: 9628afc9116db52960422b598996d19f.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 9628afc9116db52960422b598996d19f.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted family: bitrat
Version: 1.38
C2: gh9st.mywire.org:5005
communication_password: 803355ca422bf9b37bc523a750e21842
install_dir: svcsvc
install_file: svcsvc.exe
tor_process: tor
Targets

Target: 9628afc9116db52960422b598996d19f.exe
Size: 192KB
Score: 10/10

Signatures:
- Downloads MZ/PE file
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext