Overview

overview

10

Static

static

01033e294f...26.exe

windows7_x64

10

01033e294f...26.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    01033e294faecb37e41c01525574ff033890eccc799175858049556e27e4b426

  • Size

    2.7MB

  • Sample

    211221-1tvnfaefe4

  • MD5

    42efa39082d113d675bc63909a07d619

  • SHA1

    71dd8678250e4bab3da90d3b0f51b5b444322a9e

  • SHA256

    01033e294faecb37e41c01525574ff033890eccc799175858049556e27e4b426

  • SHA512

    965c70807905687a9bc801a52f9c8d986fa6bdf9ddf6505609423eece9df63235fc0332b7f68e392f19e030f1e2688a64b26443c4295163f0e51ce4aa7317321

Score
10/10
bitratpersistencetrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.35

C2

publiquilla.linkpc.net:9092

Attributes
  • communication_password

    bfdba24ee3d61f0260c4dc1034c3ee43

  • install_dir

    System32dllwin

  • install_file

    Systemwin32077273dll.exe

  • tor_process

    tor

Targets

    • Target

      01033e294faecb37e41c01525574ff033890eccc799175858049556e27e4b426

    • Size

      2.7MB

    • MD5

      42efa39082d113d675bc63909a07d619

    • SHA1

      71dd8678250e4bab3da90d3b0f51b5b444322a9e

    • SHA256

      01033e294faecb37e41c01525574ff033890eccc799175858049556e27e4b426

    • SHA512

      965c70807905687a9bc801a52f9c8d986fa6bdf9ddf6505609423eece9df63235fc0332b7f68e392f19e030f1e2688a64b26443c4295163f0e51ce4aa7317321

    Score
    10/10
    bitratpersistencetrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks