780fd4b0a5fde771e1997ce53896cb9f

General

Target: 780fd4b0a5fde771e1997ce53896cb9f
Size: 115KB
Sample: 220113-wlc17sbhe9
Score: 10/10
MD5: 780fd4b0a5fde771e1997ce53896cb9f
SHA1: 620c2e4b60d2f902933ff6a20042f71b53833e10
SHA256: a6d0e2abcc93742839c48666cfee33a4647b42863c7a3304691eed1fc5e854fb
SHA512: f5b3434abe7fbe02be993904b572c08b7c7e5963f8fec8fc4dfbc027c76bd21a9c7188b4a5fdda269d77c36c7fee37465251b490f09fe6fc303577bb6cae0f4d

Malware Config

Extracted

Family: bitrat
Version: 1.38
C2: drfcjug.duckdns.org:1882
Attributes:
  communication_password: 81dc9bdb52d04dc20036dbd8313ed055
  tor_process: tor
Targets

Target: 780fd4b0a5fde771e1997ce53896cb9f (Filesize 115KB, Score 10/10; MD5/SHA1/SHA256/SHA512 as listed under General)
Signatures

  • BitRAT
    Description: BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

  • UPX packed file
    Description: Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Tasks

static1
behavioral1: 10/10
behavioral2: 3/10