General

Target: 88ab07c52703743422b32c40089601ed.exe
Size: 72KB
Sample: 230308-cjqdzade65
MD5: 88ab07c52703743422b32c40089601ed
SHA1: 5c3bf16f3db88862a66e99912e6fb82e25ce3a10
SHA256: 790ec551f63688e1dbeffa8e41660dca92a554e5960f8c8095b92b0b7e78fc99
SHA512: bf7dc6ba3c378c226bb2f9226219c2267f21c605c7ca28b1ba13f03e248e0a138f307ea4f3d5c84cb5f23af034094968fee1536b9e93bf24bfe70545f9ec68df
SSDEEP: 192:G2pN99ZwLa9l7X4nuInO+++++++++++++++++++++++++++++++++++++++++++j:Gsv9WL4xmhZilZq4KCm+ApH1ThO/Ff
Static task: static1

Behavioral task: behavioral1
  Sample: 88ab07c52703743422b32c40089601ed.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: 88ab07c52703743422b32c40089601ed.exe
  Resource: win10v2004-20230221-en
Malware Config

Extracted family: bitrat
Version: 1.38
C2: pradeepprabhu705.hopto.org:312
communication_password: 827ccb0eea8a706c4c34a16891f84e7b
tor_process: tor
Targets

Target: 88ab07c52703743422b32c40089601ed.exe (72KB; hashes as listed under General above)
Score: 10/10

Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext