Resubmissions

  Submitted          Sample ID           Score
  15-01-2022 17:03   220115-vks6cseha4   10
  15-01-2022 17:02   220115-vj9fysfbgj   7
  15-01-2022 16:58   220115-vg7jksegh8   7

General

  • Target

    063822ca7966327be6a3dadb06e16d6c.exe.vir

  • Size

    5MB

  • Sample

    220115-vks6cseha4

  • MD5

    063822ca7966327be6a3dadb06e16d6c

  • SHA1

    68f61f2bcf3c325adbb190b892297d78a4f75254

  • SHA256

    515f555c06db60243a892bbdf57704792956569387482f6a7a001a782bb6bcd1

  • SHA512

    8c6e0963f3d8c4510426e8cf7511e62cd65eb6873037e235f9b27ac52736f4535ccc1cf499e2c689285c4bc76a9e3cb276c6dc5144bf1bd1222714333e698be5

Score
10/10

Malware Config

Extracted

  • Family

    bitrat

  • Version

    1.38

  • C2

    2.56.59.239:7355

  • Attributes

    communication_password: c7dd0cd2ba364f132afa1dc58698c64e
    tor_process: tor
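The extracted config above is a handful of indicators that a responder wants in a usable form. The Python below is an added example, not part of the sandbox report and not any vendor's tooling: it parses the report's key/value layout into a dictionary, splits the C2 string into address and port, checks a few constructed connection-log lines against that exact C2 endpoint, matches file hashes regardless of case, and emits a Suricata rule for the C2. The connection-log lines, their field order and the rule sid are assumptions made for the demo.

```python
import ipaddress

# Constructed copy of the "Extracted" config block, laid out the way the
# report prints it (a key line, then its value line, blank lines between).
REPORT_CONFIG = """
Family

bitrat

Version

1.38

C2

2.56.59.239:7355

Attributes
communication_password
c7dd0cd2ba364f132afa1dc58698c64e
tor_process
tor
"""

# File hashes from the report's General section.
HASHES = {
    "md5": "063822ca7966327be6a3dadb06e16d6c",
    "sha1": "68f61f2bcf3c325adbb190b892297d78a4f75254",
    "sha256": "515f555c06db60243a892bbdf57704792956569387482f6a7a001a782bb6bcd1",
}


def parse_config(text):
    """Parse the report layout: non-empty lines alternate key, value.

    The bare "Attributes" line is a heading, not a key; the pairs after it
    are stored under config["attributes"]."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cfg = {}
    target = cfg
    it = iter(lines)
    for key in it:
        if key == "Attributes":
            target = cfg.setdefault("attributes", {})
            continue
        target[key.lower()] = next(it, "")  # tolerate a trailing key with no value
    return cfg


def parse_c2(value):
    """Split 'ip:port' into (str, int); raises ValueError if the host is not an IP."""
    host, _, port = value.rpartition(":")
    return str(ipaddress.ip_address(host)), int(port)


# Constructed connection-log lines (not from the report):
# timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_CONN_LOG = [
    "1642266180.123 10.0.0.15 51822 2.56.59.239 7355 tcp",
    "1642266181.456 10.0.0.15 51823 93.184.216.34 443 tcp",
    "1642266182.789 10.0.0.22 40112 2.56.59.239 80 tcp",  # same IP, other port: no match
]


def find_c2_connections(lines, c2_ip, c2_port):
    """Return (src_ip, timestamp) for every flow to exactly c2_ip:c2_port."""
    hits = []
    for ln in lines:
        ts, src, _sport, dst, dport, _proto = ln.split()
        if dst == c2_ip and int(dport) == c2_port:
            hits.append((src, ts))
    return hits


def match_hash(candidate):
    """True if candidate (any case) equals the report's MD5, SHA1 or SHA256."""
    h = candidate.strip().lower()
    algo = {32: "md5", 40: "sha1", 64: "sha256"}.get(len(h))
    return algo is not None and HASHES[algo] == h


def suricata_rule(c2_ip, c2_port, sid=1000001):
    """Suricata alert for traffic to the C2 endpoint (sid is an assumed local number)."""
    return (f'alert tcp $HOME_NET any -> {c2_ip} {c2_port} '
            f'(msg:"BitRAT C2 {c2_ip}:{c2_port}"; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    ip, port = parse_c2(cfg["c2"])
    print(cfg)
    print(find_c2_connections(SAMPLE_CONN_LOG, ip, port))
    print(suricata_rule(ip, port))
```

Matching on the full ip:port pair rather than the IP alone keeps the rule narrow; the third constructed log line shows why, since the same address on another port is not evidence of this C2 channel.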

Targets

    • Target

      063822ca7966327be6a3dadb06e16d6c.exe.vir

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class. A thread marked this way stops delivering debug events (breakpoints, exceptions, single steps) to an attached debugger, so the debugger loses visibility of it. This is a common anti-analysis step in protected binaries and fits the Themida detection above.
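The Themida signature above flags a protector. As an added example, not the sandbox's detector and not Themida's own description, the Python below walks a PE section table and applies two cheap heuristics a triage script would use: a section name associated with the protector, and Shannon entropy near 8 bits per byte, which is what compressed or encrypted payloads look like. The minimal PE builder, the section names ".themida" and ".winlice", and the 7.0 bits/byte cutoff are assumptions made for the demo; the sample binary is constructed inside the script.

```python
import math
import random
import struct

HIGH_ENTROPY = 7.0  # bits per byte; assumed cutoff for compressed/encrypted data
# Assumed section names commonly reported for Themida / WinLicense protected files.
PROTECTOR_SECTIONS = {b".themida", b".winlice"}


def shannon_entropy(data):
    """Shannon entropy in bits per byte (0.0 for constant data, ~8.0 for random)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe):
    """Yield (name, raw_bytes) for each section in the PE section table.

    Uses the DOS header's e_lfanew, the 20-byte COFF file header and the
    40-byte section headers; the optional header is skipped by its size."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    for i in range(num_sections):
        hdr = table + 40 * i
        name = pe[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        yield name, pe[raw_ptr:raw_ptr + raw_size]


def build_pe(sections):
    """Constructed minimal PE from [(name, bytes)]: valid headers for parsing only,
    not a loadable image (no optional header, so SizeOfOptionalHeader is 0)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table_off = e_lfanew + 4 + 20
    data_off = table_off + 40 * len(sections)
    headers, blobs = b"", b""
    for idx, (name, blob) in enumerate(sections):
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(blob),
                               0x1000 * (idx + 1), len(blob), data_off + len(blobs),
                               0, 0, 0, 0, 0x60000020)
        blobs += blob
    return dos + b"PE\0\0" + coff + headers + blobs


def packer_verdict(pe):
    """Return [(section_name, entropy, reasons)] for every section."""
    findings = []
    for name, blob in parse_sections(pe):
        ent = shannon_entropy(blob)
        reasons = []
        if name in PROTECTOR_SECTIONS:
            reasons.append("protector section name")
        if ent >= HIGH_ENTROPY:
            reasons.append("high entropy")
        findings.append((name.decode(), round(ent, 2), reasons))
    return findings


def looks_packed(pe):
    """True if any section triggers a heuristic."""
    return any(reasons for _, _, reasons in packer_verdict(pe))


# Constructed sample: repetitive "code" plus an encrypted-looking protector section.
_rng = random.Random(2022)
SAMPLE_PE = build_pe([
    (b".text", bytes(range(16)) * 256),                          # entropy exactly 4.0
    (b".themida", bytes(_rng.getrandbits(8) for _ in range(4096))),  # ~7.95 bits/byte
])

if __name__ == "__main__":
    for name, ent, reasons in packer_verdict(SAMPLE_PE):
        print(f"{name:10} entropy={ent:.2f} {', '.join(reasons) or 'ok'}")
    print("packed:", looks_packed(SAMPLE_PE))
```

Entropy alone is a weak signal (resources, certificates and compressed data also score high), which is why the two heuristics are combined and reported per section rather than collapsed into one score.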

MITRE ATT&CK Matrix

    Tactic columns in the report: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.
