AudioApplication.vbs

General
Target

AudioApplication.vbs

Size

3KB

Sample

220119-hxneesffh4

Score
10 /10
MD5

257cb7d47ef7b5221bd8d95cbdd7f47e

SHA1

0f4cb975fbaf27684908503de9476a2d02646734

SHA256

b425d52cfdada3b73bdc0cb7bbcb57b72f2b2b95182dbc2d61fafecdcc6aa5f9

SHA512

d0f100255b697a85393a2961f11d4d490df8a0af31133629673cd69b2a4f8a85fe45e051557ddcfa69679aa392d3a8138a013d4fff7674bdb918e491c2356a67

Malware Config

Extracted

Language hta
Source
URLs
hta.dropper

http://185.7.214.7/BITRA/oo.html

Extracted

Language ps1
Deobfuscated
URLs
ps1.dropper

http://185.7.214.7/BITRA/AU.PNG

Extracted

Language ps1
Deobfuscated
URLs
ps1.dropper

http://185.7.214.7/BITRA/YES.PNG

Extracted

Family bitrat
Version 1.38
C2

185.7.214.8:4884
Attributes
communication_password
311f4e4b7562e9d5ba31bd6afa686479
tor_process
tor
Targets
Target

AudioApplication.vbs

MD5

257cb7d47ef7b5221bd8d95cbdd7f47e

Filesize

3KB

Score
10/10
SHA1

0f4cb975fbaf27684908503de9476a2d02646734

SHA256

b425d52cfdada3b73bdc0cb7bbcb57b72f2b2b95182dbc2d61fafecdcc6aa5f9

SHA512

d0f100255b697a85393a2961f11d4d490df8a0af31133629673cd69b2a4f8a85fe45e051557ddcfa69679aa392d3a8138a013d4fff7674bdb918e491c2356a67

Tags

Signatures

  • BitRAT

    Description

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    Tags

  • Blocklisted process makes network request

  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      behavioral1

                      10/10

                      behavioral2

                      10/10