Overview

overview

9

Static

static

Sitat.exe

windows7_x64

9

Sitat.exe

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Sitat.exe

  • Size

    1.1MB

  • Sample

    201125-2aedtknacs

  • MD5

    442486bfd653a5fe61b776351df520da

  • SHA1

    0c437994ff65a85e86c052badb4ddc097cfec1d4

  • SHA256

    8bfe228dbd446c4a9f65d93725c39404c6b2a5d6795aa2fcb60b1d04de21f81b

  • SHA512

    7ae8f4c5fcbf7cd0fab81891350cf4f62586985f8dbe24d25281ceb6e11c6faca001aab3d0dbb97e2dd464e68dbe8ed04b69b63ae6db16a55e7b9334f213b43f

Score
9/10
evasionspyware

Malware Config

Targets

    • Target

      Sitat.exe

    • Size

      1.1MB

    • MD5

      442486bfd653a5fe61b776351df520da

    • SHA1

      0c437994ff65a85e86c052badb4ddc097cfec1d4

    • SHA256

      8bfe228dbd446c4a9f65d93725c39404c6b2a5d6795aa2fcb60b1d04de21f81b

    • SHA512

      7ae8f4c5fcbf7cd0fab81891350cf4f62586985f8dbe24d25281ceb6e11c6faca001aab3d0dbb97e2dd464e68dbe8ed04b69b63ae6db16a55e7b9334f213b43f

    Score
    9/10
    evasionspyware

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

4
T1012

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

2
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks