General
-
Target
Nvokcuobkn.exe
-
Size
51KB
-
Sample
240224-p2zrkscg9z
-
MD5
8647ffb0d889ea1933f7a4e7771094c0
-
SHA1
5c20b6cf56287c18566e50b0249e6cd9285f3ca3
-
SHA256
6570e239d47518afaf8baeed1da31b475ec07ee1256e85bd0318d397f40d4e5c
-
SHA512
26c47cf2ceb3a6e7d3d3b7f7d8934d6d769d31d9d279479a141df6ae2057e8b2644e12a225f56e5306529133e1a793b9500e5633732ef586464ea2c8fd43957c
-
SSDEEP
768:ibNdv/q2bAXYN+/sHyIoY1Dufiy1SSP4+acdU9/nKPUTV4A5Ynn8w/Ayfmxx:i+7+1DZy1LfaF/nEUitnn8gAyfw
Malware Config
Extracted
bitrat
1.38
103.153.182.247:6161
-
communication_password
81dc9bdb52d04dc20036dbd8313ed055
-
install_dir
Install path
-
install_file
Install name
-
tor_process
tor
Targets
-
-
Target
Nvokcuobkn.exe
-
Size
51KB
-
MD5
8647ffb0d889ea1933f7a4e7771094c0
-
SHA1
5c20b6cf56287c18566e50b0249e6cd9285f3ca3
-
SHA256
6570e239d47518afaf8baeed1da31b475ec07ee1256e85bd0318d397f40d4e5c
-
SHA512
26c47cf2ceb3a6e7d3d3b7f7d8934d6d769d31d9d279479a141df6ae2057e8b2644e12a225f56e5306529133e1a793b9500e5633732ef586464ea2c8fd43957c
-
SSDEEP
768:ibNdv/q2bAXYN+/sHyIoY1Dufiy1SSP4+acdU9/nKPUTV4A5Ynn8w/Ayfmxx:i+7+1DZy1LfaF/nEUitnn8gAyfw
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-