General
-
Target
SecuriteInfo.com.Trojan.Heur.IEC.908d4036d15.26473.7906.exe
-
Size
12KB
-
Sample
221109-mwp9vagbd3
-
MD5
6cf48390a34ca29ca93ed9d1233a867b
-
SHA1
91be3e627987d930bb19bd47a23fce1cfa2c7775
-
SHA256
5d96c7e165399a26f874e14e20ab5277914f4fceeda523a2e2c805a9d8047a15
-
SHA512
160dedaa9c589386ff759cfa457da10d442b520e17e091243ed7a33cf9b7eff30fd7b170343082e770465691503e1722564ca8687dd006d8f1285dd1222faf7b
-
SSDEEP
192:X3LbBdjbp21sijBFR1TTgJMRqIcuuufNva:n3B5bpynTTEKRdN
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Heur.IEC.908d4036d15.26473.7906.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.Heur.IEC.908d4036d15.26473.7906.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
bitrat
1.38
37.139.128.233:3569
-
communication_password
ce952068942604a6d6df06ed5002fad6
-
tor_process
tor
Targets
-
Target
SecuriteInfo.com.Trojan.Heur.IEC.908d4036d15.26473.7906.exe
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-