Overview

overview

10

Static

static

New Stone ...EN.scr

windows7_x64

10

New Stone ...EN.scr

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New Stone inquiry 01022021 897GFRSDDCADEN.scr

  • Size

    1.1MB

  • Sample

    210301-c385d2n41a

  • MD5

    eb6ac9d5508beacc227bd3888f835cd6

  • SHA1

    6e4c8136b2d720712a072238010ca3b24e269eca

  • SHA256

    22cfc4b78b3482f98f18795cd81276a8984604fa808ee9364d0db3fa49dbc598

  • SHA512

    9e3b0be5062761f3b5e4284c7fbbc305c10cdfad9e26bc4945110e65b032ccc5e78e1cb7cd38e8bab4040018bb165aa1cce036adb1673670e0ca531def07f1d7

Score
10/10
bitratpersistencetrojanupx

Malware Config

Targets

    • Target

      New Stone inquiry 01022021 897GFRSDDCADEN.scr

    • Size

      1.1MB

    • MD5

      eb6ac9d5508beacc227bd3888f835cd6

    • SHA1

      6e4c8136b2d720712a072238010ca3b24e269eca

    • SHA256

      22cfc4b78b3482f98f18795cd81276a8984604fa808ee9364d0db3fa49dbc598

    • SHA512

      9e3b0be5062761f3b5e4284c7fbbc305c10cdfad9e26bc4945110e65b032ccc5e78e1cb7cd38e8bab4040018bb165aa1cce036adb1673670e0ca531def07f1d7

    Score
    10/10
    bitratpersistencetrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • BitRAT Payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks