Overview

overview

10

Static

static

Document.exe

windows7_x64

10

Document.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Document.exe

  • Size

    435KB

  • Sample

    220112-wcvvnadecm

  • MD5

    12103b3952c09d930bf11af9df5b3ac4

  • SHA1

    914ec6513405dfe91192ed9ae2e82c9fe32c366a

  • SHA256

    4da51788f3414e7329cf4b720086550d686fa3d557c86b573a1eb0b218403c5f

  • SHA512

    a7c09de2b7d617b780238df68abf5d6c80b791af8da4d32eb56f96efe1c03cbb46c5332ed287dd8a32bd42f76d17b19b442bb854f3dbd03f80b3ebb377680064

Score
10/10
bitratsuricatatrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

covid1987.ddns.net:9090

Attributes
  • communication_password

    b4df9f494056d51f86c7f1a89850c467

  • tor_process

    tor

Targets

    • Target

      Document.exe

    • Size

      435KB

    • MD5

      12103b3952c09d930bf11af9df5b3ac4

    • SHA1

      914ec6513405dfe91192ed9ae2e82c9fe32c366a

    • SHA256

      4da51788f3414e7329cf4b720086550d686fa3d557c86b573a1eb0b218403c5f

    • SHA512

      a7c09de2b7d617b780238df68abf5d6c80b791af8da4d32eb56f96efe1c03cbb46c5332ed287dd8a32bd42f76d17b19b442bb854f3dbd03f80b3ebb377680064

    Score
    10/10
    bitratsuricatatrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

      suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

      suricata

    • Downloads MZ/PE file

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks