General
-
Target
bdc7fa90a1a4ae03e63fe914c7222cd7019d1b3cd0676fa5ee3f6f7c04416d7b
-
Size
8.7MB
-
Sample
221130-rwc2qshc73
-
MD5
99da955426a8cfa74ac059a995a2a9a6
-
SHA1
cc6d485ed25c1e25fad316c51a5529f0e646c68e
-
SHA256
bdc7fa90a1a4ae03e63fe914c7222cd7019d1b3cd0676fa5ee3f6f7c04416d7b
-
SHA512
e0a0430f929d71396c48ce3687652ebfac26490c17c5da091562804ecc4b023639548416bafffd2f2ab2ab00c1ecebcd8b7cad8a34c113f0031dc5cd14ddc67d
-
SSDEEP
98304:LPzDGc/41Hm1mVCZhKNNX5jA8HynvsXmsXpwkeikcfCtX/rjCiGUJ7W7+iQI0gVO:Lao1j+/5kOyn02sXp8pcfkDjHhiz08O
Static task
static1
Behavioral task
behavioral1
Sample
bdc7fa90a1a4ae03e63fe914c7222cd7019d1b3cd0676fa5ee3f6f7c04416d7b.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
bdc7fa90a1a4ae03e63fe914c7222cd7019d1b3cd0676fa5ee3f6f7c04416d7b.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
bitrat
1.34
zeunc5eb7ccgvaz5fxhqzgycrlsilnezv42wytlf6alvcfghlhhy27qd.onion:80
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
tor_process
TORBUILD
Targets
-
-
Target
bdc7fa90a1a4ae03e63fe914c7222cd7019d1b3cd0676fa5ee3f6f7c04416d7b
-
Score
10/10
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-