063822ca7966327be6a3dadb06e16d6c.exe.vir

General
Target

063822ca7966327be6a3dadb06e16d6c.exe.vir

Size

5MB

Sample

220115-vks6cseha4

Score

10/10
MD5

063822ca7966327be6a3dadb06e16d6c

SHA1

68f61f2bcf3c325adbb190b892297d78a4f75254

SHA256

515f555c06db60243a892bbdf57704792956569387482f6a7a001a782bb6bcd1

SHA512

8c6e0963f3d8c4510426e8cf7511e62cd65eb6873037e235f9b27ac52736f4535ccc1cf499e2c689285c4bc76a9e3cb276c6dc5144bf1bd1222714333e698be5

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

2.56.59.239:7355

Attributes

communication_password: c7dd0cd2ba364f132afa1dc58698c64e
tor_process: tor
Targets
Target

063822ca7966327be6a3dadb06e16d6c.exe.vir

Signatures

  • BitRAT

    Description

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Themida packer

    Description

    Detects Themida, an advanced Windows software protection system.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques listed under any column).

Tasks

static1: 7/10
behavioral1: 7/10
behavioral2: 10/10
behavioral3: 1/10