Triage | Malware sandboxing report by Hatching Triage

Resubmissions

15-01-2022 17:03

220115-vks6cseha4 10

15-01-2022 17:02

220115-vj9fysfbgj 7

15-01-2022 16:58

220115-vg7jksegh8 7

Sharing

General

Target

063822ca7966327be6a3dadb06e16d6c.exe.vir
Size

5MB
Sample

220115-vks6cseha4
MD5

063822ca7966327be6a3dadb06e16d6c
SHA1

68f61f2bcf3c325adbb190b892297d78a4f75254
SHA256

515f555c06db60243a892bbdf57704792956569387482f6a7a001a782bb6bcd1
SHA512

8c6e0963f3d8c4510426e8cf7511e62cd65eb6873037e235f9b27ac52736f4535ccc1cf499e2c689285c4bc76a9e3cb276c6dc5144bf1bd1222714333e698be5

Score

10^/10

bitrat themida trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

2.56.59.239:7355

Attributes

communication_password
c7dd0cd2ba364f132afa1dc58698c64e
tor_process
tor

Targets

- Target
  
  063822ca7966327be6a3dadb06e16d6c.exe.vir
- Size
  
  5MB
- MD5
  
  063822ca7966327be6a3dadb06e16d6c
- SHA1
  
  68f61f2bcf3c325adbb190b892297d78a4f75254
- SHA256
  
  515f555c06db60243a892bbdf57704792956569387482f6a7a001a782bb6bcd1
- SHA512
  
  8c6e0963f3d8c4510426e8cf7511e62cd65eb6873037e235f9b27ac52736f4535ccc1cf499e2c689285c4bc76a9e3cb276c6dc5144bf1bd1222714333e698be5
Score

10^/10

themida bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Downloads MZ/PE file
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

T1012

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

behavioral2

bitratthemidatrojan

behavioral3