General
-
Target
tmp
-
Size
4.7MB
-
Sample
221022-yeqd3aedf8
-
MD5
fea9e6588163a319883a3b4d9b1f48fe
-
SHA1
56365a251100676323840fa5dfdabaad99f2f772
-
SHA256
92a433340dd32cb379159432fbc26a6f2ca495ef97c31f7fd333913ced03d773
-
SHA512
1ff3265167ee61827fd19818da1bcf8f5abd97fa7cf4f601e7dcab7b19cb5fc14b0b21b7966ed174e5f055344fb97b54791be47e15a8a7642f853ea855d65cab
-
SSDEEP
24576:MztFdtnYQb6VOFv1bdLOqGmXL4pu2OqfNoROKiuHym1fkBonH6X7GUAUTiS0YZRT:
Malware Config
Extracted
bitrat
1.38
gh9st.mywire.org:5005
-
communication_password
803355ca422bf9b37bc523a750e21842
-
install_dir
svcsvc
-
install_file
svcsvc.exe
-
tor_process
tor
Targets
-
-
Target
tmp
-
Size
4.7MB
-
MD5
fea9e6588163a319883a3b4d9b1f48fe
-
SHA1
56365a251100676323840fa5dfdabaad99f2f772
-
SHA256
92a433340dd32cb379159432fbc26a6f2ca495ef97c31f7fd333913ced03d773
-
SHA512
1ff3265167ee61827fd19818da1bcf8f5abd97fa7cf4f601e7dcab7b19cb5fc14b0b21b7966ed174e5f055344fb97b54791be47e15a8a7642f853ea855d65cab
-
SSDEEP
24576:MztFdtnYQb6VOFv1bdLOqGmXL4pu2OqfNoROKiuHym1fkBonH6X7GUAUTiS0YZRT:
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-