cad70078636cc2bc01019e66c90c8144.exe

General
Target

cad70078636cc2bc01019e66c90c8144.exe

Size

1MB

Sample

201022-1p6624fk9j

Score
10 /10
MD5

cad70078636cc2bc01019e66c90c8144

SHA1

054ce24e6674b19477fce3e158b2cc881c2881d9

SHA256

e7f018a097a4041995e6d95f9de421d36605140b3c648e1c46af0a0df08b3aef

SHA512

3a321d5e72b6f0a85e9d726cea59d98dd90bf74b334f88326313fa3747d3ae7b239d1fab2bf512fb2d31f3125698dd471001978591f8ee86bf63599dee83d1f4

Malware Config
Targets
Target

cad70078636cc2bc01019e66c90c8144.exe

MD5

cad70078636cc2bc01019e66c90c8144

Filesize

1MB

Score
10 /10
SHA1

054ce24e6674b19477fce3e158b2cc881c2881d9

SHA256

e7f018a097a4041995e6d95f9de421d36605140b3c648e1c46af0a0df08b3aef

SHA512

3a321d5e72b6f0a85e9d726cea59d98dd90bf74b334f88326313fa3747d3ae7b239d1fab2bf512fb2d31f3125698dd471001978591f8ee86bf63599dee83d1f4

Tags

Signatures

  • BitRAT

    Description

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    Tags

  • BitRAT Payload

  • Blocklisted process makes network request

  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Loads dropped DLL

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    1/10

                    behavioral1

                    10/10

                    behavioral2

                    10/10