Overview

overview

10

Static

static

760138.exe

windows7_x64

6

760138.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    760138.exe

  • Size

    60KB

  • Sample

    210226-t7tzvhggts

  • MD5

    599efde12b6948266df775575d37c433

  • SHA1

    6c4953baee81b92254a73d40182678cfbe59c63b

  • SHA256

    5c2766a9b8df935b6144459c3ae5c8f6b7cab54ab844cc78ae770ed1481c4220

  • SHA512

    fb340259594c64c5b1b7ec60190a587dad6b5d7cbd3b991c737578836e4c4b26e475e01f0c2d90227d3563a0091d66d2518fb98d3f0228130c64bd10cd7a01e6

Score
10/10
bitratpersistencetrojan

Malware Config

Targets

    • Target

      760138.exe

    • Size

      60KB

    • MD5

      599efde12b6948266df775575d37c433

    • SHA1

      6c4953baee81b92254a73d40182678cfbe59c63b

    • SHA256

      5c2766a9b8df935b6144459c3ae5c8f6b7cab54ab844cc78ae770ed1481c4220

    • SHA512

      fb340259594c64c5b1b7ec60190a587dad6b5d7cbd3b991c737578836e4c4b26e475e01f0c2d90227d3563a0091d66d2518fb98d3f0228130c64bd10cd7a01e6

    Score
    10/10
    persistencebitrattrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • BitRAT Payload

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks