0ca40808fdaccc210951a3c46bd79415.exe

General

Target: 0ca40808fdaccc210951a3c46bd79415.exe
Size: 1MB
Sample: 201021-6kv2ytzh4x
Score: 10/10
MD5: 0ca40808fdaccc210951a3c46bd79415
SHA1: d96423f7cce4bc21ba2d0aee774c7db85e84ab82
SHA256: 657a84ee835cf7d47f30fa352ab511e15ec8235bf7876f4264cf9885e10aee57
SHA512: aa5de74739de5230086990c2f254938d2a5262b7771f088221932eba33fbb0b2767b79ff501803219b04fbbbeee7c042148d9ee004760e997701fc88264cc998

Signatures

  • BitRAT
    Description: BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

  • BitRAT Payload

  • Blocklisted process makes network request

  • UPX packed file
    Description: Detects executables packed with UPX/modified UPX open source packer.

  • Loads dropped DLL

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of NtSetInformationThreadHideFromDebugger

Tasks

static1: 1/10
behavioral1: 10/10
behavioral2: 10/10