Static

static

1

0ca40808fd...15.exe

windows7_x64

10

0ca40808fd...15.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0ca40808fdaccc210951a3c46bd79415.exe

  • Size

    1.7MB

  • Sample

    201021-6kv2ytzh4x

  • MD5

    0ca40808fdaccc210951a3c46bd79415

  • SHA1

    d96423f7cce4bc21ba2d0aee774c7db85e84ab82

  • SHA256

    657a84ee835cf7d47f30fa352ab511e15ec8235bf7876f4264cf9885e10aee57

  • SHA512

    aa5de74739de5230086990c2f254938d2a5262b7771f088221932eba33fbb0b2767b79ff501803219b04fbbbeee7c042148d9ee004760e997701fc88264cc998

Score
10/10
bitratpersistencetrojanupx

Malware Config

Targets

    • Target

      0ca40808fdaccc210951a3c46bd79415.exe

    • Size

      1.7MB

    • MD5

      0ca40808fdaccc210951a3c46bd79415

    • SHA1

      d96423f7cce4bc21ba2d0aee774c7db85e84ab82

    • SHA256

      657a84ee835cf7d47f30fa352ab511e15ec8235bf7876f4264cf9885e10aee57

    • SHA512

      aa5de74739de5230086990c2f254938d2a5262b7771f088221932eba33fbb0b2767b79ff501803219b04fbbbeee7c042148d9ee004760e997701fc88264cc998

    Score
    10/10
    bitratpersistencetrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • BitRAT Payload

    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks