Overview

overview

10

Static

static

7

063822ca79...ir.exe

windows10_x64

7

063822ca79...ir.exe

windows10-2004_x64

10

063822ca79...ir.exe

windows11_x64

Resubmissions

15-01-2022 17:03

220115-vks6cseha4 10

15-01-2022 17:02

220115-vj9fysfbgj 7

15-01-2022 16:58

220115-vg7jksegh8 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    063822ca7966327be6a3dadb06e16d6c.exe.vir

  • Size

    5MB

  • Sample

    220115-vks6cseha4

  • MD5

    063822ca7966327be6a3dadb06e16d6c

  • SHA1

    68f61f2bcf3c325adbb190b892297d78a4f75254

  • SHA256

    515f555c06db60243a892bbdf57704792956569387482f6a7a001a782bb6bcd1

  • SHA512

    8c6e0963f3d8c4510426e8cf7511e62cd65eb6873037e235f9b27ac52736f4535ccc1cf499e2c689285c4bc76a9e3cb276c6dc5144bf1bd1222714333e698be5

Score
10/10
bitratthemidatrojan

Malware Config

Extracted

Family

bitrat
Version

1.38
C2

2.56.59.239:7355
Attributes
communication_password
c7dd0cd2ba364f132afa1dc58698c64e
tor_process
tor

Targets

    • Target

      063822ca7966327be6a3dadb06e16d6c.exe.vir

    • Size

      5MB

    • MD5

      063822ca7966327be6a3dadb06e16d6c

    • SHA1

      68f61f2bcf3c325adbb190b892297d78a4f75254

    • SHA256

      515f555c06db60243a892bbdf57704792956569387482f6a7a001a782bb6bcd1

    • SHA512

      8c6e0963f3d8c4510426e8cf7511e62cd65eb6873037e235f9b27ac52736f4535ccc1cf499e2c689285c4bc76a9e3cb276c6dc5144bf1bd1222714333e698be5

    Score
    10/10
    themidabitrattrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation

                        Tasks