e-transfer.img

General

Target: e-transfer.img
Size: 300MB
Sample: 220119-y83aqachhm
Score: 10/10
MD5: de3a4c3319fffd14a016b32e59ded549
SHA1: 03fdb123f412cad89a9dcf33f54a85b31de7221c
SHA256: 35da1611e4771602b021b682b95550c90fe8c31ea1367a74d329a6f9e8768021
SHA512: 73bac9d70a218253c1e3cba2c0a5499e033c6998775fb84125400d5df5f6bc665da304a484a9191526dafba590012afda353b555d654a788f9555f2848c4d15f

Malware Config

Extracted

Family: bitrat
Version: 1.38
C2: yakbitpeople.duckdns.org:9175
Attributes:
  communication_password: 827ccb0eea8a706c4c34a16891f84e7b
  tor_process: tor
Targets

Target: E_TRANSF.EXE
MD5: affebb601f181b9c290753caae06050a
Filesize: 300MB
Score: 10/10
SHA1: 64942ee5d84b1a2262d02a1dd0ae1aa6e8b66486
SHA256: e2ce88575e964545d834e0bae841ec554b02fa4a290e645e19cb7556123bb49e
SHA512: 3870beafddb9972863a2b0d74eeded9bd21eb3b8c13563808754927ce3a29579adad56e7eb3bc37b4777cb16caea0d9d5d233b01432aa42fe0c5ecafc3c025b2

Signatures

  • BitRAT
    Description: BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

  • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

  • Executes dropped EXE

  • UPX packed file
    Description: Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Collection | Command and Control | Credential Access | Defense Evasion | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 1/10