Document.exe

General
Target

Document.exe

Size

839KB

Sample

220119-sblc2saghk

Score
10 /10
MD5

2a5a12f5a3bc62ecd263e1ebde57cba7

SHA1

f1d3ba0fc6343e145663c944e6aeebe5e96eaa6b

SHA256

b93811479bf82f08e97be19c596166482cdb2b31b8762c8c310307dfd6dab61e

SHA512

81657258531d71b064b749f62f6d6570c4c0478c14d67655d1565965f4b772aea82a22561d0e5dc562bfdbca85a7dda03fd95ec7b8ebc43e632b9d817435de66

Malware Config

Extracted

Family bitrat
Version 1.38
C2

covid66758.ddns.net:9090

Attributes
communication_password
b4df9f494056d51f86c7f1a89850c467
tor_process
tor
Targets
Target

Document.exe

MD5

2a5a12f5a3bc62ecd263e1ebde57cba7

Filesize

839KB

Score
10/10
SHA1

f1d3ba0fc6343e145663c944e6aeebe5e96eaa6b

SHA256

b93811479bf82f08e97be19c596166482cdb2b31b8762c8c310307dfd6dab61e

SHA512

81657258531d71b064b749f62f6d6570c4c0478c14d67655d1565965f4b772aea82a22561d0e5dc562bfdbca85a7dda03fd95ec7b8ebc43e632b9d817435de66

Tags

Signatures

  • BitRAT

    Description

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    Tags

  • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    Description

    suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    Tags

  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Privilege Escalation
                      Tasks

                      static1

                      behavioral2

                      1/10