General
-
Target
88679797aff29f111d110ccc9cc9fd2c
-
Size
1.9MB
-
Sample
231219-ygxwxsfbhm
-
MD5
88679797aff29f111d110ccc9cc9fd2c
-
SHA1
adde4a3e6631aa0f82e5b0bf6bd8b917d78bad63
-
SHA256
971dea6d176bb8bdae2c6570bbdee5fd41c447c6cbb79a8643c76991c8f988aa
-
SHA512
65eec81dcb0c0e92f528031fbf619b656e9b2856a02190cbb9c57c38e785f3c2bac713297392c590f6b1136e5343424db869e1ed2c63799c41975018e7c1b548
-
SSDEEP
49152:nzzs3PnDN+gqsJjvpcIJKbahPEwbzN6pt:03p+7Wp9hPEwnNm
Malware Config
Extracted
bitrat
1.38
jairoandresotalvarorend.linkpc.net:9069
-
communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
-
install_dir
windownslogoinicdiodir
-
install_file
windownslogoiniciod.exe
-
tor_process
tor
Targets
-
-
Target
88679797aff29f111d110ccc9cc9fd2c
-
Size
1.9MB
-
MD5
88679797aff29f111d110ccc9cc9fd2c
-
SHA1
adde4a3e6631aa0f82e5b0bf6bd8b917d78bad63
-
SHA256
971dea6d176bb8bdae2c6570bbdee5fd41c447c6cbb79a8643c76991c8f988aa
-
SHA512
65eec81dcb0c0e92f528031fbf619b656e9b2856a02190cbb9c57c38e785f3c2bac713297392c590f6b1136e5343424db869e1ed2c63799c41975018e7c1b548
-
SSDEEP
49152:nzzs3PnDN+gqsJjvpcIJKbahPEwbzN6pt:03p+7Wp9hPEwnNm
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-