ce34983daaf59073e75de319dd60c921

Target

Size

32KB

Sample

220118-wlcqfacda4

Score

10 ^/10

MD5

ce34983daaf59073e75de319dd60c921

SHA1

233c0d6bebb90428b0a314a48813d1ff1a878049

SHA256

da3061f2d4d129dcac0ccaea37df5535ed522eca6610a995fe2f864d25543949

SHA512

f850bb5d09fa1bc9421a8c96dc4f2516f8fca03cb0598ee90546e151b91ea53fb288f988859d22e0a0e1c82e911d193bfc559eb0f9435b3c3745b0069f87a66e

Extracted

Family	bitrat
Version	1.38
C2	18denero.con-ip.com:3005 18denero.con-ip.com:3005
Attributes	communication_password 202cb962ac59075b964b07152d234b70 tor_process tor

Target

ce34983daaf59073e75de319dd60c921

MD5

ce34983daaf59073e75de319dd60c921

Filesize

32KB

Score

10^/10

SHA1

233c0d6bebb90428b0a314a48813d1ff1a878049

SHA256

da3061f2d4d129dcac0ccaea37df5535ed522eca6610a995fe2f864d25543949

SHA512

f850bb5d09fa1bc9421a8c96dc4f2516f8fca03cb0598ee90546e151b91ea53fb288f988859d22e0a0e1c82e911d193bfc559eb0f9435b3c3745b0069f87a66e

Signatures

BitRAT
Description

BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
Tags

trojan bitrat
UPX packed file
Description

Detects executables packed with UPX/modified UPX open source packer.
Tags

upx
Checks computer location settings
Description

Looks up country code configured in the registry, likely geofence.
TTPs

Query RegistrySystem Information Discovery
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

bitrat trojan upx

10^/10

behavioral2

bitrat trojan upx

10^/10

Extracted

Tags

Signatures

BitRAT

Description

Tags

UPX packed file

Description

Tags

Checks computer location settings

Description

TTPs

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2