59f5aa2f3938d9478d3275caaa5eda91.exe

General

Target: 59f5aa2f3938d9478d3275caaa5eda91.exe
Size: 271KB
Sample: 220105-yd39jabaak
Score: 10/10
MD5: 59f5aa2f3938d9478d3275caaa5eda91
SHA1: 87fddce9bdff61168e35c09c09e04378137cfabc
SHA256: 2bbe399540ca6bbcb26444284ed0cf85c0840a1d36c8bf3ca670be78a4975410
SHA512: bb9282b6f89a5d887d84bedf9a782a5c774158aa670a17bf0d532dbaf0f9b0e3f57d7ca1bc14c9de0f46de27b08fef7bd172f018fdc9108d395859f2edb8243e

Malware Config

Extracted

Family: bitrat
Version: 1.35
C2: storage.nsupdate.info:8973

Attributes
communication_password: bf771c9d082071fe80b18bb678220682
tor_process: tor
Targets

Target: 59f5aa2f3938d9478d3275caaa5eda91.exe
Filesize: 271KB
Score: 10/10
(MD5, SHA1, SHA256 and SHA512 are identical to the values listed under General above.)
Signatures

  • BitRAT
    BitRAT is a remote access tool written in C++ that incorporates leaked source code from other malware families.

  • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
    Network detection: the Emerging Threats Suricata rule matching the TLS certificate used for BitRAT command-and-control fired during analysis.

  • UPX packed file
    Detects executables packed with the open-source UPX packer or a modified build of it. Packing on its own is not evidence of malice; it is flagged because the real code is hidden from static analysis until the sample is unpacked.

  • Drops startup file
    Writes a file to a startup location so the payload runs again at the next logon (persistence).

  • Suspicious use of NtSetInformationThreadHideFromDebugger
    Calling NtSetInformationThread with the ThreadHideFromDebugger class stops debug events from that thread reaching an attached debugger, a common anti-debugging technique.

  • Suspicious use of SetThreadContext
    Rewriting another thread's register context is commonly used for code injection, for example process hollowing.
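Turning the report's indicators into a hunting check, as an added example that is not part of the Triage report and not BitRAT's own code: the hashes and the C2 endpoint are copied from the config and hash tables above, the UPX check reads PE section names the same way the "UPX packed file" signature looks for them, and the firewall-style log lines (assumed `dst=host:port` format) and the minimal PE images are constructed inside the script so it runs offline.

```python
"""Hunting with the indicators from this report: file-hash match, UPX section
check, and C2 endpoint match over constructed firewall-style log lines."""
import hashlib
import re
import struct

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "59f5aa2f3938d9478d3275caaa5eda91",
    "sha1": "87fddce9bdff61168e35c09c09e04378137cfabc",
    "sha256": "2bbe399540ca6bbcb26444284ed0cf85c0840a1d36c8bf3ca670be78a4975410",
    "sha512": "bb9282b6f89a5d887d84bedf9a782a5c774158aa670a17bf0d532dbaf0f9b0e3"
              "f57d7ca1bc14c9de0f46de27b08fef7bd172f018fdc9108d395859f2edb8243e",
}
C2_HOST, C2_PORT = "storage.nsupdate.info", 8973


def hash_bytes(data):
    """Compute the four digests the report lists for a file's contents."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    """True only if every digest agrees; one matching algorithm is not enough."""
    digests = hash_bytes(data)
    return all(digests[name] == value for name, value in REPORT_HASHES.items())


def pe_section_names(data):
    """Return the section names of a PE image, or [] if the bytes are not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]   # IMAGE_SECTION_HEADER.Name
        if len(raw) < 8:
            break
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Stock UPX names its sections UPX0/UPX1; modified builds often rename them,
    so a negative here does not prove the file is unpacked."""
    return any(name.upper().startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names):
    """Constructed minimal PE (DOS stub + COFF header, no optional header) for testing."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)     # e_lfanew -> PE signature at offset 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + coff + sections


# Assumed log format: "... dst=<host>:<port> ..." (constructed for this example).
C2_LOG_RE = re.compile(r"dst=(?P<host>[\w.-]+):(?P<port>\d+)")

SAMPLE_LOG = [
    "2022-01-05T12:00:01Z proto=tcp src=10.0.0.5:49213 dst=storage.nsupdate.info:8973 action=allow",
    "2022-01-05T12:00:02Z proto=tcp src=10.0.0.5:49214 dst=storage.nsupdate.info:443 action=allow",
    "2022-01-05T12:00:03Z proto=tcp src=10.0.0.7:49001 dst=update.example.com:8973 action=allow",
]


def c2_hits(log_lines):
    """Lines whose destination is exactly the reported C2 host and port."""
    hits = []
    for line in log_lines:
        m = C2_LOG_RE.search(line)
        if m and m.group("host").lower() == C2_HOST and int(m.group("port")) == C2_PORT:
            hits.append(line)
    return hits


if __name__ == "__main__":
    print("C2 hits:", c2_hits(SAMPLE_LOG))
    print("fake UPX PE flagged:", looks_upx_packed(build_fake_pe(["UPX0", "UPX1", ".rsrc"])))
```

The host-and-port match is deliberate: `storage.nsupdate.info` is a dynamic-DNS name, so the hostname alone may be reused by unrelated traffic, while the hash check requires all four digests to agree before treating a file as this sample.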

MITRE ATT&CK Matrix

Tactic columns shown on the page: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No individual techniques are mapped on this page.

Tasks

static1
behavioral1: 3/10
behavioral2: 10/10