General
-
Target
zapitvane marko bulgaria eood.doc
-
Size
3KB
-
Sample
230314-x2wc6abc6t
-
MD5
93671555d60537ba07df133dda8592a2
-
SHA1
396ab1b853fac12d406bc1687cf18cb0a2cc061e
-
SHA256
833747fe3feaca3e71a38cc66ee5003a846fc43a61e8a59e093a23c5b260ef90
-
SHA512
8d03fcc1a697a8150ce7d2325e65a329d8d870a185b66cdb9ae70c84aecd9983913c12b48902d2b3f7553378617dee533363ac759bef1c8c502903f3016d6a6f
Malware Config
Extracted
bitrat
1.38
74.201.28.92:3569
-
communication_password
148b191cf4e80b549e1b1a4444f2bdf6
-
tor_process
tor
Targets
-
-
Target
zapitvane marko bulgaria eood.doc
-
Size
3KB
-
MD5
93671555d60537ba07df133dda8592a2
-
SHA1
396ab1b853fac12d406bc1687cf18cb0a2cc061e
-
SHA256
833747fe3feaca3e71a38cc66ee5003a846fc43a61e8a59e093a23c5b260ef90
-
SHA512
8d03fcc1a697a8150ce7d2325e65a329d8d870a185b66cdb9ae70c84aecd9983913c12b48902d2b3f7553378617dee533363ac759bef1c8c502903f3016d6a6f
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-