cc7d7321cd0e93fb312ea39c0124256fa60b3335cd6632ec0e83ffb4bf2b3dc9

General

Target: cc7d7321cd0e93fb312ea39c0124256fa60b3335cd6632ec0e83ffb4bf2b3dc9
Size: 1MB
Sample: 220107-pdm3wacbh6
Score: 10/10
MD5: a65b75567794b4d9f2558c672bd07dd5
SHA1: e217c9fde4b32680a11adf2200e673519f595bd3
SHA256: cc7d7321cd0e93fb312ea39c0124256fa60b3335cd6632ec0e83ffb4bf2b3dc9
SHA512: 4388fc585cd542df150f427b2d7b4bea03de0cd51ce634dea5935215582990b55546f3e39ae172a6c142b0b96d83a659a6b14a336a622978c5d0a9de23062ccb

Malware Config

Extracted

Family: bitrat
Version: 1.38
C2: severdops.ddns.net:3071

Attributes

communication_password: 29ef52e7563626a96cea7f4b4085c124
install_dir: msWORLD
install_file: excel.exe
tor_process: tor
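Worked example, added here and not part of the sandbox report: a small Python IOC matcher that takes the indicators from the extracted config and hashes above (SHA256/MD5, the C2 host and port, and install_dir\install_file) and runs them over constructed host artefacts: a hash inventory, Run-key values and connection-log lines. The log line format, the AppData\Roaming parent directory for msWORLD, the function names (check_hashes, check_run_keys, check_connections, scan) and all sample entries are constructed for this example and do not come from the report. Two caveats it encodes: the C2 is a dynamic-DNS name, so match the hostname in DNS/proxy logs rather than whatever IP it resolves to today, and the port is chosen per build, so a hit on the host alone is still worth flagging. The communication_password is a protocol secret, not a host artefact, so it is not matched.

```python
import re
from typing import Dict, Iterable, List, NamedTuple, Tuple

# Indicators taken from the extracted config and hashes in this report.
IOC_SHA256 = "cc7d7321cd0e93fb312ea39c0124256fa60b3335cd6632ec0e83ffb4bf2b3dc9"
IOC_MD5 = "a65b75567794b4d9f2558c672bd07dd5"
C2_HOST = "severdops.ddns.net"
C2_PORT = 3071
INSTALL_TAIL = ("\\" + "msWORLD" + "\\" + "excel.exe").lower()  # install_dir\install_file


class Hit(NamedTuple):
    source: str  # "hash", "run_key" or "network"
    detail: str


def check_hashes(digests: Dict[str, str]) -> List[Hit]:
    """digests: {path: hex digest}, e.g. from sha256sum/md5sum or Get-FileHash.
    A hash hit means this exact build; a repacked sample will not match."""
    hits = []
    for path, digest in digests.items():
        d = digest.strip().lower()
        if d in (IOC_SHA256, IOC_MD5):
            hits.append(Hit("hash", f"{path} = {d[:12]}..."))
    return hits


# First token of a Run-key command: a quoted path or a bare one.
EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')


def check_run_keys(entries: Iterable[Tuple[str, str]]) -> List[Hit]:
    """entries: (value_name, command) pairs from HKCU/HKLM ...\\CurrentVersion\\Run.
    Matches on the install_dir\\install_file tail, so the parent directory may vary."""
    hits = []
    for name, command in entries:
        m = EXE_RE.match(command)
        exe = (m.group(1) or m.group(2)).lower() if m else ""
        if exe.endswith(INSTALL_TAIL):
            hits.append(Hit("run_key", f"{name} -> {command}"))
    return hits


# Constructed connection-log format for this example: "<ts> <src> -> <dst>:<port>"
CONN_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[^:\s]+):(?P<port>\d+)")


def check_connections(lines: Iterable[str]) -> List[Hit]:
    """Flag connections to the C2 hostname; report a port mismatch rather than ignoring it."""
    hits = []
    for line in lines:
        m = CONN_RE.match(line)
        if not m:
            continue
        dst, port = m["dst"].lower().rstrip("."), int(m["port"])
        if dst == C2_HOST:
            tag = "C2 host+port" if port == C2_PORT else f"C2 host (port {port} differs from {C2_PORT})"
            hits.append(Hit("network", f"{tag}: {line.strip()}"))
    return hits


# Constructed sample artefacts (not from the report); the parent directory is assumed.
SAMPLE_DIGESTS = {
    r"C:\Users\alice\AppData\Roaming\msWORLD\excel.exe": IOC_SHA256,
    r"C:\Windows\System32\notepad.exe": "0" * 64,
}
SAMPLE_RUN_KEYS = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("excel", r'"C:\Users\alice\AppData\Roaming\msWORLD\excel.exe"'),
]
SAMPLE_CONNS = [
    "2022-01-07T10:12:03Z 10.0.0.5 -> severdops.ddns.net:3071",
    "2022-01-07T10:12:05Z 10.0.0.5 -> update.microsoft.com:443",
    "2022-01-07T10:13:41Z 10.0.0.9 -> SEVERDOPS.DDNS.NET:4444",
]


def scan() -> List[Hit]:
    """Run all three checks over the constructed artefacts."""
    return (check_hashes(SAMPLE_DIGESTS)
            + check_run_keys(SAMPLE_RUN_KEYS)
            + check_connections(SAMPLE_CONNS))


if __name__ == "__main__":
    for hit in scan():
        print(f"[{hit.source}] {hit.detail}")
```

Feed check_hashes a real inventory (Get-FileHash output) and check_run_keys the Run values from both HKCU and HKLM; the hash check only confirms this build, the Run-key tail and the hostname survive a rebuild.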
Targets

Target: cc7d7321cd0e93fb312ea39c0124256fa60b3335cd6632ec0e83ffb4bf2b3dc9 (1MB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures

  • BitRAT

    Description

    BitRAT is a remote access trojan written in C++ that reuses leaked source code from other malware families.

  • UPX packed file

    Description

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Adds Run key to start application

    TTPs

    T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
    T1112 Modify Registry
  • Suspicious use of NtSetInformationThreadHideFromDebugger

    Description

    NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11): the kernel stops reporting debug events for that thread, so an attached debugger loses it. A common anti-debugging measure; a debugger or sandbox that hooks the call can neutralise it by dropping that information class.

  • Suspicious use of SetThreadContext

    Description

    SetThreadContext overwrites another thread's register state, including the instruction pointer. Applied to a suspended process or thread it is the usual step that redirects execution into injected or hollowed code, which is why sandboxes flag it.
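An added example (mine, not the sandbox's detection logic) of what the "UPX packed file" signature above is looking at. The Python below parses just enough of a PE header to list the section table and reports three UPX indicators: section names starting with UPX, a first section with no raw data (the UPX0 region the stub unpacks into), and the "UPX!" marker string. The build_pe helper constructs header-only test images (zeroed optional header, no code) so the check runs offline; the section layouts are constructed, and the names pe_sections, upx_indicators and build_pe are mine. The caveat the signature's "modified UPX" wording points at: the names and the marker are trivially patched out, so the structural hint is the one that survives renaming, and it is shared with other packers, so treat it as a hint, not proof.

```python
import struct
from typing import List, NamedTuple, Optional, Sequence, Tuple


class Section(NamedTuple):
    name: str
    virtual_size: int
    raw_size: int


def pe_sections(data: bytes) -> Optional[List[Section]]:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table.
    Returns None when the bytes are not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    if coff + 20 > len(data):
        return None
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # COFF.NumberOfSections
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]      # COFF.SizeOfOptionalHeader
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break  # truncated section table
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, off)
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"), vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> List[str]:
    """Return the UPX hints present; an empty list means none of them fired."""
    sections = pe_sections(data)
    if not sections:
        return []
    found = []
    if any(s.name.upper().startswith("UPX") for s in sections):
        found.append("section named UPX*")
    if sections[0].raw_size == 0 and sections[0].virtual_size > 0:
        found.append("first section has no raw data (unpack target)")
    if b"UPX!" in data:
        found.append("UPX! marker string")
    return found


def build_pe(layout: Sequence[Tuple[str, int, int]], trailer: bytes = b"") -> bytes:
    """Constructed test image: DOS header, PE signature, COFF header, a zeroed
    PE32 optional header (0xE0 bytes) and the given (name, virtual_size, raw_size) sections."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 0xE0, 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                    vsize, 0x1000 * (i + 1), rsize, 0, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rsize) in enumerate(layout))
    return bytes(dos) + b"PE\0\0" + coff + bytes(0xE0) + table + trailer


# Constructed layouts: stock UPX, UPX with renamed sections and marker removed, a plain build.
STOCK_UPX = build_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x8000), (".rsrc", 0x1000, 0x1000)], b"UPX!")
RENAMED_UPX = build_pe([(".text", 0x20000, 0), (".data", 0x8000, 0x8000), (".rsrc", 0x1000, 0x1000)])
PLAIN = build_pe([(".text", 0x4000, 0x4000), (".data", 0x800, 0x800), (".rsrc", 0x1000, 0x1000)])

if __name__ == "__main__":
    for label, image in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", PLAIN)):
        print(label, [s.name for s in pe_sections(image)], upx_indicators(image))
```

On a real file, pass open(path, "rb").read() to upx_indicators; a result containing only the structural hint is what a renamed or modified UPX build typically leaves behind.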

MITRE ATT&CK Matrix

Tactic columns on the original page: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation. The per-cell technique mapping did not survive extraction; the only techniques the page states are the two listed under "Adds Run key to start application".

Tasks

static1
behavioral1
Score: 10/10