bitrat

General

Target

dogovor.doc
Size

8KB
Sample

210226-8fna5qyhja
MD5

372c2759cee22609b6b848e74eacdbc9
SHA1

e4e20687e2f8a8954bb11d4cdb40ce99dcb44b4d
SHA256

85c83d12212145e186408c1910dbc95a301a13a70e37a7a32b3e14c48c8b832b
SHA512

ca89e1ba5109b365355a9be780d5088c68b245974ab66033ee8b964a45a711430e99f8f4f167b555e52ebb8733b54d921b18f3736d052a55be353bc4c9009aa2

Score

10^/10

Malware Config

Targets

- Target
  
  dogovor.doc
- Size
  
  8KB
- MD5
  
  372c2759cee22609b6b848e74eacdbc9
- SHA1
  
  e4e20687e2f8a8954bb11d4cdb40ce99dcb44b4d
- SHA256
  
  85c83d12212145e186408c1910dbc95a301a13a70e37a7a32b3e14c48c8b832b
- SHA512
  
  ca89e1ba5109b365355a9be780d5088c68b245974ab66033ee8b964a45a711430e99f8f4f167b555e52ebb8733b54d921b18f3736d052a55be353bc4c9009aa2
Score

10^/10

bitrat xenarmor password persistence recovery spyware trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- BitRAT Payload
- XenArmor Suite
  XenArmor is as suite of password recovery tools for various application.
  recovery password xenarmor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Blocklisted process makes network request
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2