General
-
Target
f3f63e0c0e14e45ac4a24fd867417d6b.exe
-
Size
58KB
-
Sample
221120-fjg95sge69
-
MD5
f3f63e0c0e14e45ac4a24fd867417d6b
-
SHA1
0c1fba255459f9c553716182c41905ec87ee66f9
-
SHA256
8d5f868a2c1a386df121fbd941cb9b5510270d34674e964bbe3a7a36d7877577
-
SHA512
28bd4fe578e984f7db7798612c6f669d18eaf3b37f985e39a0a6ae557e520b9f0f09689940ced9c0a622f35fdd5e6a2919eab68d2d7aa606e21e26a0876c1d85
-
SSDEEP
768:AqHr9Fv5EOAMVweJTVXmZOVplA8nv6pauSF1PyZO3JeUMO4Jtx0j7W76cAYMb55:Amrnv5LfVweZVWCp28hHIO5e1a74/+
Malware Config
Extracted
bitrat
1.38
monedisssxv.duckdns.org:9090
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
install_dir
AppData.exe
-
install_file
compa
-
tor_process
tor
Targets
-
-
Target
f3f63e0c0e14e45ac4a24fd867417d6b.exe
-
Size
58KB
-
MD5
f3f63e0c0e14e45ac4a24fd867417d6b
-
SHA1
0c1fba255459f9c553716182c41905ec87ee66f9
-
SHA256
8d5f868a2c1a386df121fbd941cb9b5510270d34674e964bbe3a7a36d7877577
-
SHA512
28bd4fe578e984f7db7798612c6f669d18eaf3b37f985e39a0a6ae557e520b9f0f09689940ced9c0a622f35fdd5e6a2919eab68d2d7aa606e21e26a0876c1d85
-
SSDEEP
768:AqHr9Fv5EOAMVweJTVXmZOVplA8nv6pauSF1PyZO3JeUMO4Jtx0j7W76cAYMb55:Amrnv5LfVweZVWCp28hHIO5e1a74/+
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-