General
-
Target
11a1756f1a0d950273debd39cbf1f99b515cff9d46b2e78a533bd4100e078a12
-
Size
5.0MB
-
Sample
230129-1vdrbafg9t
-
MD5
4c5c017fa0cf51bd814bd877d4448300
-
SHA1
a94fec80255175db3e2a938c02a9b173e0fb498d
-
SHA256
11a1756f1a0d950273debd39cbf1f99b515cff9d46b2e78a533bd4100e078a12
-
SHA512
c3ef6c72c504e94de1ad8ac9fd75911a754e7ffbc87e5885029e0b668c938632c66d6cdad34caf0a8bb46aa886eda2fa970887e9eb61317d2bfe74e9b1627c2c
-
SSDEEP
98304:L7VmgrLl6EeNQ0kKDhLa1xecuMJWJ4qnP6x0V2ucdIlpzd3kU2V:LlLSQ0Nirvk2qSxHyzd3kn
Malware Config
Extracted
bitrat
1.34
185.157.161.104:65312
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
tor_process
tor
Targets
-
-
Target
11a1756f1a0d950273debd39cbf1f99b515cff9d46b2e78a533bd4100e078a12
-
Size
5.0MB
-
MD5
4c5c017fa0cf51bd814bd877d4448300
-
SHA1
a94fec80255175db3e2a938c02a9b173e0fb498d
-
SHA256
11a1756f1a0d950273debd39cbf1f99b515cff9d46b2e78a533bd4100e078a12
-
SHA512
c3ef6c72c504e94de1ad8ac9fd75911a754e7ffbc87e5885029e0b668c938632c66d6cdad34caf0a8bb46aa886eda2fa970887e9eb61317d2bfe74e9b1627c2c
-
SSDEEP
98304:L7VmgrLl6EeNQ0kKDhLa1xecuMJWJ4qnP6x0V2ucdIlpzd3kU2V:LlLSQ0Nirvk2qSxHyzd3kn
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-