Resubmissions
11-04-2024 07:23
240411-h79qeaee77 1011-04-2024 07:22
240411-h7ha6aee65 1011-04-2024 07:22
240411-h7g1dshf5x 1011-04-2024 07:22
240411-h7gdvsee63 1011-04-2024 07:22
240411-h7fsbshf5w 1007-04-2024 08:58
240407-kxh6tahg75 1007-04-2024 07:55
240407-jr6jgsgd3z 1007-04-2024 07:54
240407-jrz2psgh28 1007-04-2024 07:54
240407-jrvf8agd3w 1007-04-2024 07:51
240407-jqb89agg76 10General
-
Target
6ec74da2134bd56250ca32be04b9b697
-
Size
7.8MB
-
Sample
240407-jqb89agg76
-
MD5
6ec74da2134bd56250ca32be04b9b697
-
SHA1
d20ff3ed5ff0f49b10d6c06dbc5710fb910e2e28
-
SHA256
1ab1a15e1e4a19c7d77a01f00de5d401bc7ab0ffaa33c332788aadeeedddc386
-
SHA512
d4d71707f0d8e5d7473980ddebea9fe7764dd38cc3cb51e789336869f28425d5d42aa229cdaac08ba22bebdabf108bfeb8c5f30452f9fd2787275c2863e3fea2
-
SSDEEP
196608:6CRAktw/6k1Juxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOfTVI:VRAktqJuxwZ6v1CPwDv3uFteg2EeJUOf
Malware Config
Targets
-
-
Target
6ec74da2134bd56250ca32be04b9b697
-
Size
7.8MB
-
MD5
6ec74da2134bd56250ca32be04b9b697
-
SHA1
d20ff3ed5ff0f49b10d6c06dbc5710fb910e2e28
-
SHA256
1ab1a15e1e4a19c7d77a01f00de5d401bc7ab0ffaa33c332788aadeeedddc386
-
SHA512
d4d71707f0d8e5d7473980ddebea9fe7764dd38cc3cb51e789336869f28425d5d42aa229cdaac08ba22bebdabf108bfeb8c5f30452f9fd2787275c2863e3fea2
-
SSDEEP
196608:6CRAktw/6k1Juxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOfTVI:VRAktqJuxwZ6v1CPwDv3uFteg2EeJUOf
Score10/10-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-