General
-
Target
Kwhuawsibyyxjb.exe
-
Size
747KB
-
Sample
221024-pqlqksgeb5
-
MD5
78579446bf367836c91a63736e11fd3d
-
SHA1
db77cd37f44250038091fc8da16f590d7e317755
-
SHA256
ded8e87375feb200ce4b5d054d0ae8d3db28588a66071e2ef68dc3eb9fc9b084
-
SHA512
5a385080bfee20c861677b94227c12873734d3e8f34f846472fd76fa1a61640cf686f8a51633039c56c831ecbc2dc7aafff61cbf58d5162ceccf1473cc47f4ad
-
SSDEEP
12288:QFwXm1eLcZbP9mpAmFXZ5e0mvXTeYZITtsUX4vxwUxLfHazzJr0:QFGQeabFmKmFzhmvJWunPB
Malware Config
Extracted
bitrat
1.38
davidmanne.casacam.net:2223
-
communication_password
b6c6e855edf908ec7c12ce8c8e628a5c
-
tor_process
tor
Targets
-
-
Target
Kwhuawsibyyxjb.exe
-
Size
747KB
-
MD5
78579446bf367836c91a63736e11fd3d
-
SHA1
db77cd37f44250038091fc8da16f590d7e317755
-
SHA256
ded8e87375feb200ce4b5d054d0ae8d3db28588a66071e2ef68dc3eb9fc9b084
-
SHA512
5a385080bfee20c861677b94227c12873734d3e8f34f846472fd76fa1a61640cf686f8a51633039c56c831ecbc2dc7aafff61cbf58d5162ceccf1473cc47f4ad
-
SSDEEP
12288:QFwXm1eLcZbP9mpAmFXZ5e0mvXTeYZITtsUX4vxwUxLfHazzJr0:QFGQeabFmKmFzhmvJWunPB
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-