2.1.exe

General

Target: 2.1.exe
Size: 2MB
Sample: 220106-k761mabebl
Score: 10/10
MD5: 8725525b3969fc1c1e01f8ec7eab1ed9
SHA1: 0672c99376928faba1db5add67833606e0d73529
SHA256: 58004218b37d36f47da2c5946cac4693e9aea741a0b3a02b823862aec085454b
SHA512: 5f7b18430aee1e18ecf32eec5d825f7473258a715143df64c19ed703e011a7cf9da40815c4e2b4ea8677c1e6b97dfe0fd74079eaedd102ec2f801776c851cb85

Malware Config

Extracted

Family: bitrat
Version: 1.38
C2: severdops.ddns.net:3071

Attributes
communication_password: 29ef52e7563626a96cea7f4b4085c124
tor_process: tor

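As an added example (not part of the sandbox report and not BitRAT's own code): a small Python IOC matcher that takes the indicators extracted above (the C2 host and port, the sample hashes, and the communication_password value from the config) and runs them over a handful of constructed log lines standing in for DNS, proxy, EDR and memory-scan feeds. The log lines, the client IP and the hostnames other than the C2 are made up for the demonstration; the host match is anchored so that a longer name merely containing the C2 domain does not fire.

```python
import re

# Indicators taken from the extracted BitRAT config and the hashes in the report above.
C2_HOST = "severdops.ddns.net"
C2_PORT = 3071
SAMPLE_HASHES = {
    "md5": "8725525b3969fc1c1e01f8ec7eab1ed9",
    "sha1": "0672c99376928faba1db5add67833606e0d73529",
    "sha256": "58004218b37d36f47da2c5946cac4693e9aea741a0b3a02b823862aec085454b",
}
# The config's communication_password is a 32-hex value that is useful as a string
# indicator in memory dumps; it is keyed separately so a match is reported as a
# config artefact rather than as a file hash.
CONFIG_STRINGS = {"communication_password": "29ef52e7563626a96cea7f4b4085c124"}

HASH_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_TOKEN = re.compile(r"\b[0-9a-fA-F]{32,64}\b")
# Match the C2 host as a whole name (not as the tail of another label or the head of
# a longer domain), optionally followed by ":port".
HOST_PATTERN = re.compile(
    r"(?<![\w.-])" + re.escape(C2_HOST) + r"(?::(\d{1,5}))?(?![\w-]|\.[\w-])",
    re.IGNORECASE,
)

# Constructed sample lines (not from the report) in a loose "timestamp source event" layout.
SAMPLE_LOGS = [
    "2022-01-06T10:00:58Z edr process_create image=C:\\Users\\user\\Downloads\\2.1.exe "
    "sha256=58004218b37d36f47da2c5946cac4693e9aea741a0b3a02b823862aec085454b",
    "2022-01-06T10:01:02Z dns query host=severdops.ddns.net type=A",
    "2022-01-06T10:01:03Z proxy CONNECT severdops.ddns.net:3071 client=10.0.0.15",
    "2022-01-06T10:01:04Z proxy CONNECT updates.example.com:443 client=10.0.0.15",
    "2022-01-06T10:02:30Z av quarantine md5=8725525B3969FC1C1E01F8EC7EAB1ED9 file=2.1.exe",
    "2022-01-06T10:03:00Z memscan pid=4120 string=29ef52e7563626a96cea7f4b4085c124",
    "2022-01-06T10:04:00Z dns query host=notseverdops.ddns.net type=A",
]


def match_iocs(lines):
    """Return (indicator_type, indicator, line) for every hit, in input order."""
    hits = []
    for line in lines:
        for m in HOST_PATTERN.finditer(line):
            port = m.group(1)
            if port is None:
                hits.append(("c2_host", C2_HOST, line))
            elif int(port) == C2_PORT:
                hits.append(("c2_host_port", f"{C2_HOST}:{C2_PORT}", line))
            else:
                # Same host on another port: still worth a look, but flagged separately.
                hits.append(("c2_host_other_port", f"{C2_HOST}:{port}", line))
        for tok in HEX_TOKEN.findall(line):
            value = tok.lower()  # hashes in logs come in mixed case
            algo = HASH_ALGO_BY_LEN.get(len(value))
            if algo and value == SAMPLE_HASHES[algo]:
                hits.append((algo, value, line))
            for name, wanted in CONFIG_STRINGS.items():
                if value == wanted:
                    hits.append((name, value, line))
    return hits


if __name__ == "__main__":
    for kind, ioc, line in match_iocs(SAMPLE_LOGS):
        print(f"{kind:<22} {ioc}  <- {line}")
```

The host regex deliberately treats severdops.ddns.net on a port other than 3071 as a distinct hit type: dynamic-DNS names are cheap to reuse, and a port change between builds is common, so the host alone is the more durable indicator while the exact host:port pair is the higher-confidence one.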
Targets

Target: 2.1.exe

Signatures

  • BitRAT

    Description

    BitRAT is a remote access tool written in C++ that reuses leaked source code from other malware families.

  • Windows security bypass

    TTPs

    Disabling Security Tools, Modify Registry

  • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    Description

    The Emerging Threats rule "ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)" fired on the sample's network traffic: the TLS certificate presented by the C2 matched the signature's BitRAT command-and-control certificate pattern.

  • UPX packed file

    Description

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Uses the VBS compiler for execution

    TTPs

    Scripting

  • Windows security modification

    TTPs

    Disabling Security Tools, Modify Registry

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • Suspicious use of NtSetInformationThreadHideFromDebugger

    Description

    Calling NtSetInformationThread with the ThreadHideFromDebugger information class is a common anti-debugging measure: the kernel stops delivering debug events for that thread, so an attached debugger loses visibility of it.

  • Suspicious use of SetThreadContext

    Description

    SetThreadContext on a thread in another process is a common step in process hollowing and thread-hijacking injection, used to redirect that thread's execution to injected code.

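The "UPX packed file" signature above is a static check on the executable. As an added example, not from the report and not the sandbox's own detection logic: a dependency-free Python routine that walks the PE headers to list the section names and flags the stock UPX markers (UPX0/UPX1/UPX2 section names and the UPX! header magic). The build_test_pe helper constructs a minimal PE image purely for the demonstration and is not the analysed sample. A modified UPX build can rename the sections and strip the magic, which is why the signature wording covers "modified UPX"; a negative result from this check is therefore not proof that a file is unpacked.

```python
import struct
import sys

# Section names the stock UPX packer writes; a modified build may rename them.
UPX_SECTION_PREFIX = b"UPX"
UPX_MAGIC = b"UPX!"


def pe_section_names(data: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table; return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER is 40 bytes; the 8-byte Name field comes first.
        entry = data[table + 40 * i : table + 40 * i + 8]
        if len(entry) < 8:
            raise ValueError("section table runs past end of file")
        names.append(entry.rstrip(b"\0"))
    return names


def upx_indicators(data: bytes):
    names = pe_section_names(data)
    # Accept both "UPX0" and the ".UPX0" variant some modified builds use.
    upx_sections = [n for n in names if n.upper().lstrip(b".").startswith(UPX_SECTION_PREFIX)]
    # UPX! is the packer's header magic, not a section name. A bare substring search can
    # false-positive on files that merely contain the string, so it is reported separately.
    has_magic = UPX_MAGIC in data
    return {
        "section_names": names,
        "upx_sections": upx_sections,
        "upx_magic": has_magic,
        "likely_upx": bool(upx_sections) or has_magic,
    }


def build_test_pe(section_names, trailer=b""):
    """Constructed minimal PE image for the demonstration only (not the analysed sample):
    DOS header, PE signature, COFF header with an empty optional header, section table."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # e_lfanew sits at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections + trailer


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(upx_indicators(f.read()))
    else:
        print(upx_indicators(build_test_pe([b"UPX0", b"UPX1", b".rsrc"], trailer=UPX_MAGIC)))
        print(upx_indicators(build_test_pe([b".text", b".rdata", b".data"])))
```

Run it as `python upx_check.py 2.1.exe` against a real file, or with no argument to see the two constructed cases. Section names and the magic are only the cheap first pass; a packed sample with renamed sections still tends to show a tiny raw size on its first section and a single import (LoadLibrary/GetProcAddress), which are the next things to look at.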
Related Tasks: none listed in this report.

MITRE ATT&CK Matrix (column headings only): Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation. The techniques attributed in the signatures above are Disabling Security Tools and Modify Registry (Defense Evasion), Scripting (Execution) and Registry Run Keys / Startup Folder (Persistence).