063822ca7966327be6a3dadb06e16d6c.exe.vir

Target

Size

5MB

Sample

220115-vks6cseha4

Score

10 ^/10

MD5

063822ca7966327be6a3dadb06e16d6c

SHA1

68f61f2bcf3c325adbb190b892297d78a4f75254

SHA256

515f555c06db60243a892bbdf57704792956569387482f6a7a001a782bb6bcd1

SHA512

8c6e0963f3d8c4510426e8cf7511e62cd65eb6873037e235f9b27ac52736f4535ccc1cf499e2c689285c4bc76a9e3cb276c6dc5144bf1bd1222714333e698be5

Extracted

Family	bitrat
Version	1.38
C2	2.56.59.239:7355 2.56.59.239:7355
Attributes	communication_password c7dd0cd2ba364f132afa1dc58698c64e tor_process tor

Target

063822ca7966327be6a3dadb06e16d6c.exe.vir

MD5

063822ca7966327be6a3dadb06e16d6c

Filesize

5MB

Score

10^/10

SHA1

68f61f2bcf3c325adbb190b892297d78a4f75254

SHA256

515f555c06db60243a892bbdf57704792956569387482f6a7a001a782bb6bcd1

SHA512

8c6e0963f3d8c4510426e8cf7511e62cd65eb6873037e235f9b27ac52736f4535ccc1cf499e2c689285c4bc76a9e3cb276c6dc5144bf1bd1222714333e698be5

Signatures

BitRAT
Description

BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
Tags

trojan bitrat
Downloads MZ/PE file
Executes dropped EXE
Themida packer
Description

Detects Themida, an advanced Windows software protection system.
Tags

themida
Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

behavioral1 behavioral2 behavioral3

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

themida

7^/10

behavioral1

themida

7^/10

behavioral2

bitrat themida trojan

10^/10

behavioral3

1^/10

Extracted

Tags

Signatures

BitRAT

Description

Tags

Downloads MZ/PE file

Executes dropped EXE

Themida packer

Description

Tags

Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

static1

behavioral1

behavioral2

behavioral3