General
-
Target
7f55a7b60a243743fe8f8f25220e8aae506d985ff963587200329f229cca2248.zip
-
Size
2KB
-
Sample
230321-rwf4dsda9v
-
MD5
2f59c36cec9143bec683a47f4c923d02
-
SHA1
e407b57460b4c2955c4a445e8214baaed3424dba
-
SHA256
ac56401310021b5f3fe74d1991b9cbf46440c622f11b744589d06f44c526ee36
-
SHA512
535606b4dd740817c524c473a8dfbab68540ddbcdab8cb93ec4240c1cebda957b5724e584fc96e33b5c0b24872df90946af9b1bf93e834ecfe13e2163a64d600
Malware Config
Extracted
bitrat
1.38
74.201.28.92:3569
-
communication_password
148b191cf4e80b549e1b1a4444f2bdf6
-
tor_process
tor
Targets
-
-
Target
7f55a7b60a243743fe8f8f25220e8aae506d985ff963587200329f229cca2248.doc
-
Size
3KB
-
MD5
a5a6fbe5e7f86784d14ce1f4d7672f6b
-
SHA1
c8b9fc16cea841705b1b80152cc95f3322799c80
-
SHA256
7f55a7b60a243743fe8f8f25220e8aae506d985ff963587200329f229cca2248
-
SHA512
322944cc12604db232973329f9ad5e49c034d9ca4e55ffba3ddc8b4d2dc815c2afaeddae740436d07c88f46d9017902c88dac0cdc0610dcbd47cb9d0825218b3
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-