General
-
Target
97f1a585a7b4c15df61fa892fb3fc76d
-
Size
7.1MB
-
Sample
240212-3x4rmagb64
-
MD5
97f1a585a7b4c15df61fa892fb3fc76d
-
SHA1
9d1564a02e8cd72e9cb188da42e05ae3511762c8
-
SHA256
9a6e4a0945252684df6638c58bcc3f0eeb38923ab8b56972585692d43ecc532b
-
SHA512
a2b74994062f45df13552d80ef6f21c2228fedde24b5913e528721389bcf3cc22c5a8f6ac741d309322ec6340648248d1bb6b4794f83f93a42e90f03c2776e38
-
SSDEEP
196608:9fXscaDbsQoXznnH/UAhB9ZOjy+puQqw/LMBkJzIDluZpK1:9fsOnfpDmKmTaMCloK
Malware Config
Extracted
bitrat
1.38
vbd3hiruwgcquiwrhpvaxann2ieo3tw3iznqlrp2z6mqyaonh4rswjqd.onion:80
-
communication_password
a5b168cfbe7cfa4410a62b9965318077
-
tor_process
svchost
Targets
-
-
Target
97f1a585a7b4c15df61fa892fb3fc76d
-
Size
7.1MB
-
MD5
97f1a585a7b4c15df61fa892fb3fc76d
-
SHA1
9d1564a02e8cd72e9cb188da42e05ae3511762c8
-
SHA256
9a6e4a0945252684df6638c58bcc3f0eeb38923ab8b56972585692d43ecc532b
-
SHA512
a2b74994062f45df13552d80ef6f21c2228fedde24b5913e528721389bcf3cc22c5a8f6ac741d309322ec6340648248d1bb6b4794f83f93a42e90f03c2776e38
-
SSDEEP
196608:9fXscaDbsQoXznnH/UAhB9ZOjy+puQqw/LMBkJzIDluZpK1:9fsOnfpDmKmTaMCloK
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-