General
-
Target
1986c381aa62399f7e9d0b78e220d251
-
Size
2.0MB
-
Sample
231230-qel3msggf7
-
MD5
1986c381aa62399f7e9d0b78e220d251
-
SHA1
619700a00961904426b5ecae5b344f753315738d
-
SHA256
1972ef1673d32236f0c87e52ddab2d5472af789e6de1d70ccd22c4cdf4839e54
-
SHA512
f1b7baf0576aa873c59bd0dc2eac11d297b6c1d8b6080ca99dcff694338049f09ddb66970a55a327800cbb7855b25d5548d4669426732761bd81991d478d1f15
-
SSDEEP
49152:AYvMRWsoJqFYqKRd5AyM3xSa3jBSWC7NjPi9F+w:A9RYJqFYFxAbBSa3jAXj9w
Static task
static1
Behavioral task
behavioral1
Sample
1986c381aa62399f7e9d0b78e220d251.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1986c381aa62399f7e9d0b78e220d251.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
bitrat
1.38
89.248.173.187:5506
-
communication_password
fcea920f7412b5da7be0cf42b8c93759
-
install_dir
sazpclv
-
install_file
wmzr.exe
-
tor_process
tor
Targets
Target
1986c381aa62399f7e9d0b78e220d251
-
Score
10/10
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-