General
-
Target
618b42e14d1b6476e4880d99ca6fa8dd
-
Size
2.0MB
-
Sample
240117-dab1nafceq
-
MD5
618b42e14d1b6476e4880d99ca6fa8dd
-
SHA1
c939cb3334a913567607b6f85f3b86278b7a9267
-
SHA256
9c6984f9235508550479de6e3c40425ccfd0513a5f7718da2df0c2f7859fc55f
-
SHA512
09c73eb8b226cbcea440329bac4b50f1bfee9078ddbd32fce6cad914a849f1d0f97f087d218de43f6e75b50e26bbf5a1625598975deaac290c94e58caccd62ca
-
SSDEEP
49152:CdWbX42j7fxTxJkiFLIe3xlkG31GyXygHheYNr1IVZQT:CdWbX4srBxJlFEe3x+85HhTNr1IVZQT
Malware Config
Extracted
bitrat
1.38
162.33.178.83:6969
-
communication_password
1d85fa3449602b11c72669aa360263fb
-
tor_process
tor
Targets
-
-
Target
618b42e14d1b6476e4880d99ca6fa8dd
-
Size
2.0MB
-
MD5
618b42e14d1b6476e4880d99ca6fa8dd
-
SHA1
c939cb3334a913567607b6f85f3b86278b7a9267
-
SHA256
9c6984f9235508550479de6e3c40425ccfd0513a5f7718da2df0c2f7859fc55f
-
SHA512
09c73eb8b226cbcea440329bac4b50f1bfee9078ddbd32fce6cad914a849f1d0f97f087d218de43f6e75b50e26bbf5a1625598975deaac290c94e58caccd62ca
-
SSDEEP
49152:CdWbX42j7fxTxJkiFLIe3xlkG31GyXygHheYNr1IVZQT:CdWbX4srBxJlFEe3x+85HhTNr1IVZQT
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-