General
-
Target
7d806a8dc2cba7a19367f2df6469c637
-
Size
2.1MB
-
Sample
240128-vdd3vseac8
-
MD5
7d806a8dc2cba7a19367f2df6469c637
-
SHA1
e20e0bc603b5bb35a858e4d146e2a1a163971530
-
SHA256
c3814d14e580005378655d2ab8a2e889a0bf517b80b13e394b88d8f7e7b0d29b
-
SHA512
e8d4b5b483793ad2f655ec5e2d40388c0308d86e01995042bb5c94ad58b93a974ec041011093404faa09bc5f0982bea608f62dcd03e2e6d78cb1a5b3d7f6bf88
-
SSDEEP
49152:2uzbL+u+4fWHLY0j1IK9Fj7w1cGxRshM5q:2uvL+B8WHLXjCK9Fnccwsh9
Malware Config
Extracted
bitrat
1.38
162.33.178.83:6969
-
communication_password
1d85fa3449602b11c72669aa360263fb
-
tor_process
tor
Targets
-
-
Target
7d806a8dc2cba7a19367f2df6469c637
-
Size
2.1MB
-
MD5
7d806a8dc2cba7a19367f2df6469c637
-
SHA1
e20e0bc603b5bb35a858e4d146e2a1a163971530
-
SHA256
c3814d14e580005378655d2ab8a2e889a0bf517b80b13e394b88d8f7e7b0d29b
-
SHA512
e8d4b5b483793ad2f655ec5e2d40388c0308d86e01995042bb5c94ad58b93a974ec041011093404faa09bc5f0982bea608f62dcd03e2e6d78cb1a5b3d7f6bf88
-
SSDEEP
49152:2uzbL+u+4fWHLY0j1IK9Fj7w1cGxRshM5q:2uvL+B8WHLXjCK9Fnccwsh9
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-