General
-
Target
8e3bce07666fd0f9f811c457ed7af20b
-
Size
2.2MB
-
Sample
231219-ywmphaaehq
-
MD5
8e3bce07666fd0f9f811c457ed7af20b
-
SHA1
ec76d846f02926cfe67166554e9c060222527c08
-
SHA256
1e7241871b2af1f8488a0812f273b73f86d2c9f2ce7b0e6bf3b1fc6a46bd27d3
-
SHA512
52da7228497d6974a8597d8fed5e0a0b1a87b0b487891d4147bcff1b8cab0ff383e017f7a0c80c6b1c1df3db18397f620623118346c1e871dd513202ef4e365e
-
SSDEEP
49152:fd4cfizng5F5A48pMXEztH1TX3LlrmovkoaSv4bQkEL5Qqkz:Ff8g75A4We6/TXbQovrWbQkELixz
Malware Config
Extracted
bitrat
1.38
jairoandresotalvarorend.linkpc.net:9070
-
communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
-
install_dir
windownslogoiniciodir
-
install_file
windownslogoinicio.exe
-
tor_process
tor
Targets
-
-
Target
8e3bce07666fd0f9f811c457ed7af20b
-
Size
2.2MB
-
MD5
8e3bce07666fd0f9f811c457ed7af20b
-
SHA1
ec76d846f02926cfe67166554e9c060222527c08
-
SHA256
1e7241871b2af1f8488a0812f273b73f86d2c9f2ce7b0e6bf3b1fc6a46bd27d3
-
SHA512
52da7228497d6974a8597d8fed5e0a0b1a87b0b487891d4147bcff1b8cab0ff383e017f7a0c80c6b1c1df3db18397f620623118346c1e871dd513202ef4e365e
-
SSDEEP
49152:fd4cfizng5F5A48pMXEztH1TX3LlrmovkoaSv4bQkEL5Qqkz:Ff8g75A4We6/TXbQovrWbQkELixz
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-