General
-
Target
boolhongupdater0.2.exe
-
Size
3.1MB
-
Sample
230901-gtcm3sdb76
-
MD5
e03f0567a9bb99e664bdc1d12aa21677
-
SHA1
8483f5a57b107430cc899f5bfb1dfa434e3690a5
-
SHA256
4cb6e9aebf1e565f4cb11b4bddcf9b7afcf56c390c1e2d849a64b31b997547ae
-
SHA512
31c82a1ae1aa3799e6a96fd350baf7036c1abd9898f108ac478d7b10a63749353b644eeb691b9e108d0a4a7f8a1f11c0b051002e39a2f9c035fbfaf0dbef2dea
-
SSDEEP
49152:ImK/wTPCM7YgUtlCUr8j2f0alT7Vzw3OBT+7Gm8vo4j3cxeHHxzB1A1Jcea:IkKM7eXhgMT763OEv8wQsIVB61/a
Malware Config
Extracted
bitrat
1.38
rornfl12.duckdns.org:3072
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
install_dir
chrome
-
install_file
updater
-
tor_process
tor
Targets
-
-
Target
boolhongupdater0.2.exe
-
Size
3.1MB
-
MD5
e03f0567a9bb99e664bdc1d12aa21677
-
SHA1
8483f5a57b107430cc899f5bfb1dfa434e3690a5
-
SHA256
4cb6e9aebf1e565f4cb11b4bddcf9b7afcf56c390c1e2d849a64b31b997547ae
-
SHA512
31c82a1ae1aa3799e6a96fd350baf7036c1abd9898f108ac478d7b10a63749353b644eeb691b9e108d0a4a7f8a1f11c0b051002e39a2f9c035fbfaf0dbef2dea
-
SSDEEP
49152:ImK/wTPCM7YgUtlCUr8j2f0alT7Vzw3OBT+7Gm8vo4j3cxeHHxzB1A1Jcea:IkKM7eXhgMT763OEv8wQsIVB61/a
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-