General

  • Target

    59f5aa2f3938d9478d3275caaa5eda91.exe

  • Size

    271KB

  • Sample

    220105-yd39jabaak

  • MD5

    59f5aa2f3938d9478d3275caaa5eda91

  • SHA1

    87fddce9bdff61168e35c09c09e04378137cfabc

  • SHA256

    2bbe399540ca6bbcb26444284ed0cf85c0840a1d36c8bf3ca670be78a4975410

  • SHA512

    bb9282b6f89a5d887d84bedf9a782a5c774158aa670a17bf0d532dbaf0f9b0e3f57d7ca1bc14c9de0f46de27b08fef7bd172f018fdc9108d395859f2edb8243e

Malware Config

Extracted

Family

bitrat

Version

1.35

C2

storage.nsupdate.info:8973

Attributes
  • communication_password

    bf771c9d082071fe80b18bb678220682

  • tor_process

    tor
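The extracted C2 is a dynamic-DNS name (nsupdate.info), so the hostname can be repointed at any IP; a practical hunt resolves the name from DNS logs and then pivots to firewall flows on the configured port. The script below is an added example, not part of the sandbox report: the C2 host and port are the report's, while the DNS and firewall log lines, hostnames and IPs are constructed for illustration. The communication_password is used inside the encrypted session and is not a network-observable string, so it is deliberately not matched here.

```python
"""Hunt for the extracted BitRAT C2 in DNS and firewall logs.

Added example, not part of the sandbox report. The log lines below are
constructed for illustration; only the C2 host and port come from the report.
"""
import re

# From the report's extracted config.
C2_HOST = "storage.nsupdate.info"
C2_PORT = 8973

# Constructed sample logs (hypothetical hosts, IPs and timestamps).
DNS_LOG = """\
2022-01-05T10:14:02Z host=WS-0142 query=storage.nsupdate.info type=A answer=203.0.113.45
2022-01-05T10:14:05Z host=WS-0142 query=update.microsoft.com type=A answer=13.107.4.50
2022-01-05T10:16:31Z host=WS-0077 query=STORAGE.NSUPDATE.INFO. type=A answer=203.0.113.45
"""
FW_LOG = """\
2022-01-05T10:14:03Z src=10.0.5.21 dst=203.0.113.45 dport=8973 proto=tcp action=allow
2022-01-05T10:14:09Z src=10.0.5.21 dst=13.107.4.50 dport=443 proto=tcp action=allow
2022-01-05T10:20:44Z src=10.0.9.8 dst=198.51.100.7 dport=8973 proto=tcp action=allow
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv(line):
    """Parse 'key=value' fields; the leading timestamp is stored under 'ts'."""
    ts, _, rest = line.partition(" ")
    rec = dict(KV_RE.findall(rest))
    rec["ts"] = ts
    return rec


def dns_hits(dns_log):
    """DNS records whose query is the C2 name (case-insensitive, trailing dot ignored)."""
    hits = []
    for line in dns_log.splitlines():
        if not line.strip():
            continue
        rec = parse_kv(line)
        if rec.get("query", "").lower().rstrip(".") == C2_HOST:
            hits.append(rec)
    return hits


def resolved_c2_ips(dns_log):
    """IPs the C2 name resolved to; dynamic DNS means this set changes over time."""
    return {h["answer"] for h in dns_hits(dns_log) if "answer" in h}


def c2_connections(fw_log, c2_ips):
    """Flows to the C2 port. High confidence only when dst was resolved from the C2 name;
    port 8973 alone is a weak indicator and is reported as low confidence."""
    flagged = []
    for line in fw_log.splitlines():
        if not line.strip():
            continue
        rec = parse_kv(line)
        if rec.get("dport") != str(C2_PORT):
            continue
        rec["confidence"] = "high" if rec.get("dst") in c2_ips else "low"
        flagged.append(rec)
    return flagged


if __name__ == "__main__":
    ips = resolved_c2_ips(DNS_LOG)
    for h in dns_hits(DNS_LOG):
        print(f"{h['ts']} {h['host']} resolved {C2_HOST} -> {h['answer']}")
    for c in c2_connections(FW_LOG, ips):
        print(f"{c['ts']} {c['src']} -> {c['dst']}:{c['dport']} confidence={c['confidence']}")
```

The pivot through resolved answers matters because a dynamic-DNS name is the stable indicator; blocking or alerting on the IP alone will drift as the operator repoints the record.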

Targets

    • Target

      59f5aa2f3938d9478d3275caaa5eda91.exe

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Drops startup file

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
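Before unpacking or reversing, a practitioner confirms that the file in hand is the one the report describes and checks the UPX indication independently. The script below is an added example, not part of the sandbox report: the digests are copied from the report, the PE section table is parsed by hand with struct (no pefile dependency), and build_fake_pe() constructs a dummy, non-runnable PE image as a test fixture because the real sample is not on this page. UPX section names (UPX0/UPX1) and the "UPX!" marker are the standard indicators; a modified UPX can rename both, so their absence is not proof of an unpacked binary, and `upx -d` will typically refuse such files.

```python
"""Triage checks for the sample: verify the reported hashes and look for UPX packing.

Added example, not part of the sandbox report. build_fake_pe() is a constructed
fixture standing in for the real sample, which is not included here.
"""
import hashlib
import struct
import sys

# Digests copied from the report's General section.
REPORTED = {
    "md5": "59f5aa2f3938d9478d3275caaa5eda91",
    "sha1": "87fddce9bdff61168e35c09c09e04378137cfabc",
    "sha256": "2bbe399540ca6bbcb26444284ed0cf85c0840a1d36c8bf3ca670be78a4975410",
}


def file_hashes(data):
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def hashes_match(data):
    """All reported digests must agree; a single mismatch means a different file."""
    actual = file_hashes(data)
    return all(actual[name] == digest for name, digest in REPORTED.items())


def pe_section_names(data):
    """Walk MZ -> PE signature -> COFF header -> section table and return section names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    num_sections, _, _, _, size_opt = struct.unpack_from("<HIIIH", data, coff + 2)
    table = coff + 20 + size_opt          # section headers follow the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i              # IMAGE_SECTION_HEADER is 40 bytes, name first
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Stock UPX leaves UPX0/UPX1 sections and a 'UPX!' marker; modified builds may hide both."""
    names = pe_section_names(data)
    return any(n.startswith("UPX") for n in names) or b"UPX!" in data


def build_fake_pe(section_names):
    """Constructed test fixture: a minimal PE header plus a section table, nothing else."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("hashes match report:", hashes_match(data))
    print("sections:", pe_section_names(data))
    print("UPX indicators:", looks_upx_packed(data))
```

Run it with the sample path as the first argument; without an argument it runs against the constructed fixture, which (as expected) fails the hash check and shows the UPX section names.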

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (T1082), count: 1

Tasks