General
-
Target
446215913dd436aae1317ad90bf75677.exe
-
Size
4.2MB
-
Sample
230311-mxtcwsbb6t
-
MD5
446215913dd436aae1317ad90bf75677
-
SHA1
6f9c887f3fe17b16045fd2fa2d754c744447a4d2
-
SHA256
4bbf8447f25f44cabc87e9e20bf6594475f999a58e86c76bbad265d1db9bd513
-
SHA512
dd1b3f89efb92245640289b43ceedbf3bb562578286966d3a72bd03ff145f36054788353d39804489174c6f9018624820f54cad560394be7cf09f5127188acb3
-
SSDEEP
98304:scyyd+oHduCY3f3rFQtAjgyzZdGxHeqWF0KfgOjCH:sAswQFQtLUGFeqlm
Malware Config
Extracted
bitrat
1.38
185.246.220.122:1488
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
tor_process
tor
Extracted
redline
185.246.220.122:7164
-
auth_value
bc36aaf1c6447fa611401422deaa29dd
Targets
-
-
Target
446215913dd436aae1317ad90bf75677.exe
-
Size
4.2MB
-
MD5
446215913dd436aae1317ad90bf75677
-
SHA1
6f9c887f3fe17b16045fd2fa2d754c744447a4d2
-
SHA256
4bbf8447f25f44cabc87e9e20bf6594475f999a58e86c76bbad265d1db9bd513
-
SHA512
dd1b3f89efb92245640289b43ceedbf3bb562578286966d3a72bd03ff145f36054788353d39804489174c6f9018624820f54cad560394be7cf09f5127188acb3
-
SSDEEP
98304:scyyd+oHduCY3f3rFQtAjgyzZdGxHeqWF0KfgOjCH:sAswQFQtLUGFeqlm
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-