General
-
Target
Vnmzbixzwq.exe
-
Size
124KB
-
Sample
240130-pwrtsahcfj
-
MD5
05b706072a3225cae1d0672917b5116e
-
SHA1
e7af9b2fbb08636397fdccf414f451104ea6d87c
-
SHA256
ff013e2b5329423fcd88fd3c161eef481832e9dc19fdfa504539528452945967
-
SHA512
d5147d93ec3b80c0cfd49afad941097404a8d57c3863e283fe1fa83d42feee30885848cb0bd6093eb4a185b4da8f39e731f27c566aed9ccbb897d1b5abdf4afb
-
SSDEEP
1536:aXA2oc074SBpgzZpJNqZxR4JQz25CxgkLC1no8OgbcRvFc1lxyyp85hwexlf64gJ:sipgVZEx+Jaxvu1no8OgbcRq1lx9Ua
Malware Config
Extracted
bitrat
1.38
103.153.182.89:1234
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
install_dir
Install path
-
install_file
Install name
-
tor_process
tor
Targets
-
-
Target
Vnmzbixzwq.exe
-
Size
124KB
-
MD5
05b706072a3225cae1d0672917b5116e
-
SHA1
e7af9b2fbb08636397fdccf414f451104ea6d87c
-
SHA256
ff013e2b5329423fcd88fd3c161eef481832e9dc19fdfa504539528452945967
-
SHA512
d5147d93ec3b80c0cfd49afad941097404a8d57c3863e283fe1fa83d42feee30885848cb0bd6093eb4a185b4da8f39e731f27c566aed9ccbb897d1b5abdf4afb
-
SSDEEP
1536:aXA2oc074SBpgzZpJNqZxR4JQz25CxgkLC1no8OgbcRvFc1lxyyp85hwexlf64gJ:sipgVZEx+Jaxvu1no8OgbcRq1lx9Ua
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-