Document.exe

General
Target

Document.exe

Size

435KB

Sample

220112-wcvvnadecm

Score
10 /10
MD5

12103b3952c09d930bf11af9df5b3ac4

SHA1

914ec6513405dfe91192ed9ae2e82c9fe32c366a

SHA256

4da51788f3414e7329cf4b720086550d686fa3d557c86b573a1eb0b218403c5f

SHA512

a7c09de2b7d617b780238df68abf5d6c80b791af8da4d32eb56f96efe1c03cbb46c5332ed287dd8a32bd42f76d17b19b442bb854f3dbd03f80b3ebb377680064

Malware Config

Extracted

Family bitrat
Version 1.38
C2

covid1987.ddns.net:9090
Attributes
communication_password
b4df9f494056d51f86c7f1a89850c467
tor_process
tor
Targets
Target

Document.exe

MD5

12103b3952c09d930bf11af9df5b3ac4

Filesize

435KB

Score
10/10
SHA1

914ec6513405dfe91192ed9ae2e82c9fe32c366a

SHA256

4da51788f3414e7329cf4b720086550d686fa3d557c86b573a1eb0b218403c5f

SHA512

a7c09de2b7d617b780238df68abf5d6c80b791af8da4d32eb56f96efe1c03cbb46c5332ed287dd8a32bd42f76d17b19b442bb854f3dbd03f80b3ebb377680064

Tags

Signatures

  • BitRAT

    Description

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    Tags

  • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    Description

    suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    Tags

  • Downloads MZ/PE file

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10

                          behavioral2

                          10/10