General
Target: 5e7de1a3b9d27f2b003f57671ebbd4dc
Size: 3.5MB
Sample: 240116-atpjbahfcl
MD5: 5e7de1a3b9d27f2b003f57671ebbd4dc
SHA1: 8f26306c1bd5d61977cd90dbe843752a36b6e751
SHA256: 6e2510a76f130a0a009432183ed26d35d328cf34e8b4c9655327a9a8a89b8dd7
SHA512: c555ba78be66c8c24383438d00d87e302ce410ed46e14680edb7b17eab84457523b4c004e0f775f2cc092beafd4ca10fc45fa716bcfea39d7216a519b7352b1e
SSDEEP: 98304:nQJfSTwwG0lPHCwsteuUwl6ORy2apSRQ+yqFB3:nQwZGGfhzwFEwa+yq
Static task: static1
Behavioral task: behavioral1
Sample: 5e7de1a3b9d27f2b003f57671ebbd4dc.exe
Resource: win7-20231215-en
Malware Config
Extracted
bitrat
1.38
snkno.duckdns.org:43413
communication_password: 827ccb0eea8a706c4c34a16891f84e7b
tor_process: tor
Targets
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext