General
-
Target
SecuriteInfo.com.Win32.Trojan-gen.5467.15765.exe
-
Size
1010KB
-
Sample
221205-3kelzagg36
-
MD5
2ae6e69113d98e4f3bb815c21f626496
-
SHA1
78920f0064d350e24812fda6c5658ac6177b5cf5
-
SHA256
0305b3a95aff122c888a200de747a565208ea19494c8257b0c972084141f42c4
-
SHA512
c7afbd664a2eebeeac3bdd01a359ea74da953552cad187682d431f0af754725a08f1135457618618a51bf1e3893a6c3a0c05e68172ee9eefcb020187ab8dfd0e
-
SSDEEP
24576:owfXt2qCbasU3cyK9pNhMhtrjxLF7ZQ/ronBb5:oEcO+9bh+1lLFaMnBb
Malware Config
Extracted
bitrat
1.38
winery.nsupdate.info:5877
-
communication_password
e5ff7c52fb3501484ea7ca8641803415
-
tor_process
tor
Targets
-
-
Target
SecuriteInfo.com.Win32.Trojan-gen.5467.15765.exe
-
Size
1010KB
-
MD5
2ae6e69113d98e4f3bb815c21f626496
-
SHA1
78920f0064d350e24812fda6c5658ac6177b5cf5
-
SHA256
0305b3a95aff122c888a200de747a565208ea19494c8257b0c972084141f42c4
-
SHA512
c7afbd664a2eebeeac3bdd01a359ea74da953552cad187682d431f0af754725a08f1135457618618a51bf1e3893a6c3a0c05e68172ee9eefcb020187ab8dfd0e
-
SSDEEP
24576:owfXt2qCbasU3cyK9pNhMhtrjxLF7ZQ/ronBb5:oEcO+9bh+1lLFaMnBb
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-