General
-
Target
a33ef1aeacaaab00c46cccf65a06b84f4d89399e53ee8aae9d0e6515a298f678
-
Size
1.8MB
-
Sample
240226-1mp5dahd2y
-
MD5
421f90c576a980bc45f3e35f7781c8b0
-
SHA1
fd68fb8cef3cea50bab8b8e83fdb2d0f40aeb9b9
-
SHA256
a33ef1aeacaaab00c46cccf65a06b84f4d89399e53ee8aae9d0e6515a298f678
-
SHA512
2fdd89cfcddc908503d8c3096040709bd50567e2786c6f1244ed7ec0852dfdda468dad4163adbd7101c1fed4dd0ac50526195adfa9ca5b1ee76f43db4e02d3fc
-
SSDEEP
49152:vSAI96OhipsQwMinMPosfR39joN+GSvB7mCUMwzI3:6AoisjMBPLp32tSvQ14
Malware Config
Extracted
bitrat
1.38
dorimebit.duckdns.org:2030
-
communication_password
827ccb0eea8a706c4c34a16891f84e7b
-
tor_process
tor
Targets
-
-
Target
COPY0001.exe
-
Size
300.0MB
-
MD5
ef077d3465b442673296cee268e2973a
-
SHA1
438ec36e4cc7cad870740c5e926753f04baa1958
-
SHA256
f68ccb24ae1039fdfe224fd82d46e2a30e2b082d923c92510162218d453e2cfe
-
SHA512
e53eaa044e8da60afc25f785953b4272eb684391fee5ee32c8c35946c7324ef5dfd4d4cdd9a6ad71eb7c7717fa2d1f40cead8ae5c7c5273ef3a030fdd60091ed
-
SSDEEP
49152:YwTaSh6OnQVq2ky+jEnogf1L79QxEGIvbDmCwM4BIdN90L:fTaOsqdy1nzdLOfIvm7
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
Detects executables packed with Babel
-
Detects executables packed with Dotfuscator
-
Detects executables packed with Goliath
-
Detects executables packed with SmartAssembly
-
Detects executables packed with dotNetProtector
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-