General
-
Target
65f355ac3f88a2badf9be48edd47d730
-
Size
1.6MB
-
Sample
240118-y5nm6ahdc3
-
MD5
65f355ac3f88a2badf9be48edd47d730
-
SHA1
ea1b2bb908f6288464789d44b8f0e34b0424b68e
-
SHA256
127a77aec69d301ec0eff62153eb160c7a195df26de7ac8617572b2433be6528
-
SHA512
7bd558823c0173da40d1b990f4382329f1d95ea03215e618e6c6d97497b489cae69ddbae8b2b6641125327244e54edb253260595a4ee5bead74f48ec6b4cd681
-
SSDEEP
49152:NhVKDyZmcNu50oUsFMM8kSGO4HDbri5M/j3NWOILStmh9mmP:NhcDyZmh50zM8kdpnrIMBWpSto9l
Malware Config
Extracted
bitrat
1.38
185.244.30.143:31337
-
communication_password
3652f3e08cc9c2dc311f36700b06214e
-
install_dir
AdobeSystems
-
install_file
AdobeUpdateService.exe
-
tor_process
tor
Targets
-
-
Target
65f355ac3f88a2badf9be48edd47d730
-
Size
1.6MB
-
MD5
65f355ac3f88a2badf9be48edd47d730
-
SHA1
ea1b2bb908f6288464789d44b8f0e34b0424b68e
-
SHA256
127a77aec69d301ec0eff62153eb160c7a195df26de7ac8617572b2433be6528
-
SHA512
7bd558823c0173da40d1b990f4382329f1d95ea03215e618e6c6d97497b489cae69ddbae8b2b6641125327244e54edb253260595a4ee5bead74f48ec6b4cd681
-
SSDEEP
49152:NhVKDyZmcNu50oUsFMM8kSGO4HDbri5M/j3NWOILStmh9mmP:NhcDyZmh50zM8kdpnrIMBWpSto9l
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-