General
-
Target
d92e6b60eecc9c96a1ad74e2d5c9ccba
-
Size
2.3MB
-
Sample
231228-mlzersfbc8
-
MD5
d92e6b60eecc9c96a1ad74e2d5c9ccba
-
SHA1
d7fcb40fa9a63dfaef531600da64c135d3079bd2
-
SHA256
8efce4180ae0e0f3c75dd2e13e44288c4352223f4b556c43bbb5cb96f8aec3ee
-
SHA512
ef9430611ea5b79108481cfa80961c569f0e2df82503afedff382f4f9bb0ed8227687a46b1c4e14af5692d81031b17c0c2bdb19bfac59cc59f3c3b099a332f37
-
SSDEEP
24576:FD+2lLAnMrJAmvGlBla8SmYU05za8oq9xKG+K/jAnKeL5qTZBHR1k85onek0nn15:FLuMNdGddGxsKrAEZZR1KneNBL2NuW
Malware Config
Extracted
bitrat
1.38
37.0.10.19:5678
-
communication_password
674f3c2c1a8a6f90461e8a66fb5550ba
-
tor_process
tor
Targets
-
-
Target
d92e6b60eecc9c96a1ad74e2d5c9ccba
-
Size
2.3MB
-
MD5
d92e6b60eecc9c96a1ad74e2d5c9ccba
-
SHA1
d7fcb40fa9a63dfaef531600da64c135d3079bd2
-
SHA256
8efce4180ae0e0f3c75dd2e13e44288c4352223f4b556c43bbb5cb96f8aec3ee
-
SHA512
ef9430611ea5b79108481cfa80961c569f0e2df82503afedff382f4f9bb0ed8227687a46b1c4e14af5692d81031b17c0c2bdb19bfac59cc59f3c3b099a332f37
-
SSDEEP
24576:FD+2lLAnMrJAmvGlBla8SmYU05za8oq9xKG+K/jAnKeL5qTZBHR1k85onek0nn15:FLuMNdGddGxsKrAEZZR1KneNBL2NuW
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-