General
-
Target
Agmyifoqpppqql.exe
-
Size
862KB
-
Sample
221129-sgrf9aag92
-
MD5
3ef0ccacab6da0cc01820bef21c54d16
-
SHA1
be6ad9046732a3e90272ddc7f561180fb003f909
-
SHA256
0dec26f0ed31eafa41f5141a4342f84f5245ba6d097904ed1fdb11a6df1ce606
-
SHA512
cd6810886e0fc82a7b7e4de2f81f9e8458676895511f24af4c332866af20482745557b40bc3ae8ce8d4958c6d8d40bd843ee17c46a7c56114c9cfdbba48f6593
-
SSDEEP
12288:fSj5lclcaywFMtTPWQOQSJU3FtJlpCBIUQZC2fRuHT6Kk/RqIkr:fSVKFp6rfn/VXPCyE2fMuqI
Malware Config
Extracted
bitrat
1.38
su1d.nerdpol.ovh:2288
-
communication_password
653d716345d8915046b904b90f41f271
-
tor_process
tor
Targets
-
-
Target
Agmyifoqpppqql.exe
-
Size
862KB
-
MD5
3ef0ccacab6da0cc01820bef21c54d16
-
SHA1
be6ad9046732a3e90272ddc7f561180fb003f909
-
SHA256
0dec26f0ed31eafa41f5141a4342f84f5245ba6d097904ed1fdb11a6df1ce606
-
SHA512
cd6810886e0fc82a7b7e4de2f81f9e8458676895511f24af4c332866af20482745557b40bc3ae8ce8d4958c6d8d40bd843ee17c46a7c56114c9cfdbba48f6593
-
SSDEEP
12288:fSj5lclcaywFMtTPWQOQSJU3FtJlpCBIUQZC2fRuHT6Kk/RqIkr:fSVKFp6rfn/VXPCyE2fMuqI
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-