0a7dba172f5485536a67007bbb67f209

General

Target: 0a7dba172f5485536a67007bbb67f209
Size: 2MB
Sample: 220107-bdtc1abga6
Score: 10/10
MD5: 0a7dba172f5485536a67007bbb67f209
SHA1: 7352fbbee9419e6afe958bfd34d55ffafeda0d58
SHA256: f10d43cfd07a986f1f3c75eb7c90af7e1d841530709f8dcac64bfbfcb53ec736
SHA512: 6f2c94a396ed78e925c0d3dd6926498a7ba78bb5a111287b5c0b1122681e196fc526496a433e5b3b431988a5d6eb75218d0b5c814971163dbc489193454d14ba

Malware Config

Extracted

Family: bitrat
Version: 1.38
C2: severdops.ddns.net:3071

Attributes

communication_password: 29ef52e7563626a96cea7f4b4085c124
tor_process: tor
Targets

Target: 0a7dba172f5485536a67007bbb67f209 (2MB, score 10/10; hashes as listed under General)
Signatures

  • BitRAT

    Description: BitRAT is a remote access tool written in C++ that reuses leaked source code from other malware families.

  • Windows security bypass

    TTPs: Disabling Security Tools, Modify Registry

  • UPX packed file

    Description: Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Windows security modification

    TTPs: Disabling Security Tools, Modify Registry

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder, Modify Registry

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Tasks

static1