General
-
Target
ea5b9af55f33912956438ccf8cea5222deb2b471368d68bd3c7e74b695ade0a8
-
Size
6.6MB
-
Sample
221130-s5szzsdb22
-
MD5
df7bec3ebd1cf62432e9ab9fe2205e64
-
SHA1
a34d9f51c7468937537e0f272a4ac937b9db2c9d
-
SHA256
ea5b9af55f33912956438ccf8cea5222deb2b471368d68bd3c7e74b695ade0a8
-
SHA512
9b5cbb079ba64f735ae97aceb0b2bbe3b7005021f0f01b072eb2d54df0ab9104de1e159bcdd18c1eada80d213b4e291aa298c81d773a1a53d376d42679c2f914
-
SSDEEP
196608:z8mqgGTE/PVXkn/Z/lJLqHPaKSjqsASB5GizcQ5NMs7u:4rnY/BmhLS39SB5GigQ5NMs
Malware Config
Extracted
bitrat
1.34
zwlknt25w6fs6ffnkllvutcepgp7mz6dsndkbki4l2fr27rnk7o4b7yd.onion:80
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
tor_process
TORBUILD
Targets
-
-
Target
ea5b9af55f33912956438ccf8cea5222deb2b471368d68bd3c7e74b695ade0a8
-
Size
6.6MB
-
MD5
df7bec3ebd1cf62432e9ab9fe2205e64
-
SHA1
a34d9f51c7468937537e0f272a4ac937b9db2c9d
-
SHA256
ea5b9af55f33912956438ccf8cea5222deb2b471368d68bd3c7e74b695ade0a8
-
SHA512
9b5cbb079ba64f735ae97aceb0b2bbe3b7005021f0f01b072eb2d54df0ab9104de1e159bcdd18c1eada80d213b4e291aa298c81d773a1a53d376d42679c2f914
-
SSDEEP
196608:z8mqgGTE/PVXkn/Z/lJLqHPaKSjqsASB5GizcQ5NMs7u:4rnY/BmhLS39SB5GigQ5NMs
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-