Overview

overview

10

Static

static

6c2934d4_b...is.exe

windows7_x64

10

6c2934d4_b...is.exe

windows10_x64

10

Resubmissions

03/03/2025, 05:49

250303-gjhrcayxf1 10

26/04/2021, 22:57

210426-27fq4xrdvx 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6c2934d4_by_Libranalysis

  • Size

    3.5MB

  • Sample

    210426-27fq4xrdvx

  • MD5

    6c2934d437e948bf2727a4358edb9a59

  • SHA1

    f5a10d17ebb6c2bd247156387d19accc6819cd3f

  • SHA256

    aee478258bbebf0a4cb76eb703c210fa363edbb22d484fe3e6fbcf5f2c3d1af4

  • SHA512

    ccb7c83a5c4f9f96aeeb03ee1460d964bae698e7a0d6b3aec1ab96af0ca7230173023c5c3b1cef29283053153181c69aec3a96bb027e3b39a94fd50ccdf5c246

Score
10/10
bitratpersistencetrojanupx

Malware Config

Targets

    • Target

      6c2934d4_by_Libranalysis

    • Size

      3.5MB

    • MD5

      6c2934d437e948bf2727a4358edb9a59

    • SHA1

      f5a10d17ebb6c2bd247156387d19accc6819cd3f

    • SHA256

      aee478258bbebf0a4cb76eb703c210fa363edbb22d484fe3e6fbcf5f2c3d1af4

    • SHA512

      ccb7c83a5c4f9f96aeeb03ee1460d964bae698e7a0d6b3aec1ab96af0ca7230173023c5c3b1cef29283053153181c69aec3a96bb027e3b39a94fd50ccdf5c246

    Score
    10/10
    bitratpersistencetrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • BitRAT Payload

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks