General
-
Target
12f62d1d462177f0fcb51cc6627eaba2
-
Size
2.0MB
-
Sample
231230-jy1a2saah8
-
MD5
12f62d1d462177f0fcb51cc6627eaba2
-
SHA1
17692a00aa4b9ec4f1116a8e3a72b11d4ad18b77
-
SHA256
503041104422bfb5194b6e599f77e984c3ded0d00dcedc69e4e8ab5e9c024b4a
-
SHA512
0e7f54d047ca4610209ac94b302110558ed0ff533c9322c23a9fb3a10c01a836bfcaa6e804479f9e1a8861cdb0a43fbc18ca3ec3007a64ac505b6ecd619928b2
-
SSDEEP
24576:FprLGtrXKqmHpIoAx1xuDYH4856J3XCT6wDapmpHZsF4VMz7KgJKpNllQMEv9tkC:KEqK6J13H4K3wpmp5sKVDOvx7tIN34
Malware Config
Extracted
bitrat
1.38
185.157.161.248:1975
-
communication_password
f49a6667c09a9e329afb64bc0a18a188
-
tor_process
tor
Targets
-
-
Target
12f62d1d462177f0fcb51cc6627eaba2
-
Size
2.0MB
-
MD5
12f62d1d462177f0fcb51cc6627eaba2
-
SHA1
17692a00aa4b9ec4f1116a8e3a72b11d4ad18b77
-
SHA256
503041104422bfb5194b6e599f77e984c3ded0d00dcedc69e4e8ab5e9c024b4a
-
SHA512
0e7f54d047ca4610209ac94b302110558ed0ff533c9322c23a9fb3a10c01a836bfcaa6e804479f9e1a8861cdb0a43fbc18ca3ec3007a64ac505b6ecd619928b2
-
SSDEEP
24576:FprLGtrXKqmHpIoAx1xuDYH4856J3XCT6wDapmpHZsF4VMz7KgJKpNllQMEv9tkC:KEqK6J13H4K3wpmp5sKVDOvx7tIN34
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-