0b032e83c3a78f61fa3bf9cebd5a0242.exe

General
Target

0b032e83c3a78f61fa3bf9cebd5a0242.exe

Size

4MB

Sample

211230-j3vw5aeccj

Score
10 /10
MD5

0b032e83c3a78f61fa3bf9cebd5a0242

SHA1

f39705cde333b8c104f0a0381aa85de5a9d40e23

SHA256

4dbfb66b1aca617e4af7d11dcc9d97b11e61e94b188283a8f17f9078df30dbec

SHA512

776674d9a1e9ec68dd4f2a3d4deaf7eec921b3a306874f15956a70491bf6bb166d7994039dc724afcc1e1ed9150a91116965a79e8a320e37dced402d258e5a77

Malware Config

Extracted

Family bitrat
Version 1.38
C2

queentaline.ddns.net:1117

Attributes
communication_password
202cb962ac59075b964b07152d234b70
tor_process
tor
Targets
Target

0b032e83c3a78f61fa3bf9cebd5a0242.exe

MD5

0b032e83c3a78f61fa3bf9cebd5a0242

Filesize

4MB

Score
10/10
SHA1

f39705cde333b8c104f0a0381aa85de5a9d40e23

SHA256

4dbfb66b1aca617e4af7d11dcc9d97b11e61e94b188283a8f17f9078df30dbec

SHA512

776674d9a1e9ec68dd4f2a3d4deaf7eec921b3a306874f15956a70491bf6bb166d7994039dc724afcc1e1ed9150a91116965a79e8a320e37dced402d258e5a77

Tags

Signatures

  • BitRAT

    Description

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    Tags

  • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    Description

    suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    Tags

  • Deletes itself

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      behavioral1

                      10/10

                      behavioral2

                      10/10