General
-
Target
6e9fc38aae3c403eb2a1664292b2bacc85721410b2568cfa36a1d00fc9b4d05c.exe
-
Size
747KB
-
Sample
221109-qex5xahbd3
-
MD5
26fd6582dda8a993841ddbeeb895620c
-
SHA1
2f55538f8eced2af4d7e98dbd380df297662d8f7
-
SHA256
6e9fc38aae3c403eb2a1664292b2bacc85721410b2568cfa36a1d00fc9b4d05c
-
SHA512
1ce91496c6709bc6d71a158777912af2834397742adade6d6a79d958df93697473e72225ea34bd63f6694807df94526cfa1b79ef8b6fd9ef378a23c19af12a80
-
SSDEEP
12288:QFwXm1eLcZbP9mpAmFXZ5e0mvXTeYZITtsUXqvxwUxLfHazzJr0:QFGQeabFmKmFzhmvJWuxPB
Malware Config
Extracted
bitrat
1.38
winery.nsupdate.info:5877
-
communication_password
e5ff7c52fb3501484ea7ca8641803415
-
tor_process
tor
Targets
-
-
Target
6e9fc38aae3c403eb2a1664292b2bacc85721410b2568cfa36a1d00fc9b4d05c.exe
-
Size
747KB
-
MD5
26fd6582dda8a993841ddbeeb895620c
-
SHA1
2f55538f8eced2af4d7e98dbd380df297662d8f7
-
SHA256
6e9fc38aae3c403eb2a1664292b2bacc85721410b2568cfa36a1d00fc9b4d05c
-
SHA512
1ce91496c6709bc6d71a158777912af2834397742adade6d6a79d958df93697473e72225ea34bd63f6694807df94526cfa1b79ef8b6fd9ef378a23c19af12a80
-
SSDEEP
12288:QFwXm1eLcZbP9mpAmFXZ5e0mvXTeYZITtsUXqvxwUxLfHazzJr0:QFGQeabFmKmFzhmvJWuxPB
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-