RECEIPTUSD97.00.exe

General
Target

RECEIPTUSD97.00.exe

Size

1MB

Sample

220110-l2srgseba3

Score
10 /10
MD5

08e0f6fc015b6008f3d0e583c94c8772

SHA1

ea87a156303f0cd82266734f7f9678faecffa18b

SHA256

84e9426e79655328d7e51384cd16697772d5fa8043ef793e4777ec7e3c38c6d0

SHA512

bf340c263cf3a4c1d1d58304ce921f228e2e20a70eef29322ee01894a5b7b68b5646fd800a3c4ea826472450195b7228166272b9afff750f057f8bcdd514a35c

Malware Config

Extracted

Family bitrat
Version 1.38
C2

bitpeople.duckdns.org:9173

Attributes
communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor
Targets
Target

RECEIPTUSD97.00.exe

MD5

08e0f6fc015b6008f3d0e583c94c8772

Filesize

1MB

Score
10/10
SHA1

ea87a156303f0cd82266734f7f9678faecffa18b

SHA256

84e9426e79655328d7e51384cd16697772d5fa8043ef793e4777ec7e3c38c6d0

SHA512

bf340c263cf3a4c1d1d58304ce921f228e2e20a70eef29322ee01894a5b7b68b5646fd800a3c4ea826472450195b7228166272b9afff750f057f8bcdd514a35c

Tags

Signatures

  • BitRAT

    Description

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    Tags

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Privilege Escalation
                      Tasks

                      static1

                      behavioral1

                      10/10

                      behavioral2

                      10/10