BitRAT Disguised as Windows Product Key Verification Tool Being Distributed - ASEC BLOG
Common Information
Type Value
UUID 2fdc3541-fd43-4965-a95b-707d0f6915ba
Fingerprint 94f7eaffefb300d6
Analysis status DONE
Considered CTI value 2
Text language
Published March 21, 2022, 2:20 p.m.
Added to db Sept. 11, 2022, 4:59 p.m.
Last updated Sept. 5, 2024, 12:53 a.m.
Headline BitRAT Disguised as Windows Product Key Verification Tool Being Distributed
Title BitRAT Disguised as Windows Product Key Verification Tool Being Distributed - ASEC BLOG
Detected Hints/Tags/Attributes 49/2/31
Source URLs
Attributes