General
-
Target
a5a6fbe5e7f86784d14ce1f4d7672f6b.bin
-
Size
2KB
-
Sample
230319-wtc16sbf6z
-
MD5
2eb0babd5e2e3ad12c9e7f18dc1c31f0
-
SHA1
52a9073b7432cbadcef1fa60d4b8070febd160a2
-
SHA256
246ef46413460148586faa3c3a29576eb310eef3cd53600ab31f966d41812240
-
SHA512
40b73c646242d1a3e3d9a65288645fb21f708cec2d65b3a6f8dc246699e381a50a700cc39b0baa97db13a414b6df0b6573def67be42d31a64191868baf681cc6
Malware Config
Extracted
bitrat
1.38
74.201.28.92:3569
-
communication_password
148b191cf4e80b549e1b1a4444f2bdf6
-
tor_process
tor
Targets
-
-
Target
7f55a7b60a243743fe8f8f25220e8aae506d985ff963587200329f229cca2248.doc
-
Size
3KB
-
MD5
a5a6fbe5e7f86784d14ce1f4d7672f6b
-
SHA1
c8b9fc16cea841705b1b80152cc95f3322799c80
-
SHA256
7f55a7b60a243743fe8f8f25220e8aae506d985ff963587200329f229cca2248
-
SHA512
322944cc12604db232973329f9ad5e49c034d9ca4e55ffba3ddc8b4d2dc815c2afaeddae740436d07c88f46d9017902c88dac0cdc0610dcbd47cb9d0825218b3
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-