General
-
Target
23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa.bin.sample
-
Size
5.2MB
-
Sample
240414-merfksfh39
-
MD5
0bff2eb7cf8fbbf17ff6594b09101e3b
-
SHA1
bfa77a5afa5d45aa178edc14361ca2a5825c96f5
-
SHA256
23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa
-
SHA512
0861b861e3579ea7867515cea737f811b28bdc689fe24a8e89d1cd9c47d621eb76488a444406d604e0ac860d5f4a8ec73d931828d4281372ad7827af61e73f13
-
SSDEEP
98304:3mcwWGj36qlPEo+AiJGIvKL10DGXPXbgkIjqNFHBAMSEFkU9WFn5fG2iD8ND3+P:2BP7lPEo+Phu3LjIjqjHBqEFPEF579Nr
Behavioral task
behavioral1
Sample
23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa.bin.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa.bin.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa.bin.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral4
Sample
23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa.bin.exe
Resource
win11-20240412-en
Malware Config
Targets
-
-
Target
23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa.bin.sample
-
Size
5.2MB
-
MD5
0bff2eb7cf8fbbf17ff6594b09101e3b
-
SHA1
bfa77a5afa5d45aa178edc14361ca2a5825c96f5
-
SHA256
23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa
-
SHA512
0861b861e3579ea7867515cea737f811b28bdc689fe24a8e89d1cd9c47d621eb76488a444406d604e0ac860d5f4a8ec73d931828d4281372ad7827af61e73f13
-
SSDEEP
98304:3mcwWGj36qlPEo+AiJGIvKL10DGXPXbgkIjqNFHBAMSEFkU9WFn5fG2iD8ND3+P:2BP7lPEo+Phu3LjIjqjHBqEFPEF579Nr
Score10/10-
BitRAT payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-