General
-
Target
8cf0c65f06309e62448877c27675ed38
-
Size
1.4MB
-
Sample
240203-v8e9eaegc9
-
MD5
8cf0c65f06309e62448877c27675ed38
-
SHA1
6cecd51374d6a408ac95b1e01d67ebdc30ab19bf
-
SHA256
0a9f7e6ef8592c3807d409340f351188d49da9b7cbe210b875995d85921a5e91
-
SHA512
5cd0f02fa20b0f9ba600924833f13b8f133dfdde04489223f72b9774fdf6b41b2974e4661aaaa539172af1347817ca1ff4de485f6043bed48b4842e050150146
-
SSDEEP
24576:NndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkz2dUdLCkrY:VXDFBU2iIBb0xY/6sUYYbdUK
Malware Config
Extracted
bitrat
1.38
20.194.35.6:7904
-
communication_password
202cb962ac59075b964b07152d234b70
-
install_dir
Appdata
-
install_file
Google.exe
-
tor_process
tor
Targets
-
-
Target
8cf0c65f06309e62448877c27675ed38
-
Size
1.4MB
-
MD5
8cf0c65f06309e62448877c27675ed38
-
SHA1
6cecd51374d6a408ac95b1e01d67ebdc30ab19bf
-
SHA256
0a9f7e6ef8592c3807d409340f351188d49da9b7cbe210b875995d85921a5e91
-
SHA512
5cd0f02fa20b0f9ba600924833f13b8f133dfdde04489223f72b9774fdf6b41b2974e4661aaaa539172af1347817ca1ff4de485f6043bed48b4842e050150146
-
SSDEEP
24576:NndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkz2dUdLCkrY:VXDFBU2iIBb0xY/6sUYYbdUK
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-