hta.hta

General
Target

hta.hta

Size

3MB

Sample

220120-fqb2psfhg7

Score
10 /10
MD5

3aeb3119d5782739c238aa5c216f706e

SHA1

68e8ce8c8a39660555661d7436d9081ec2454dfa

SHA256

12138c2aca3eaebf6c6b3f1b7b24c68ea5b9d29d4e88ed8412b46b5ce8feb2bb

SHA512

fe47a283d8ddd9782a7ac9e9f77c427dd528fd3e8536c3a9e32c147313df326e256f8660c6633621b7282928bd02fa2cc7019cef2030ce4c09dd551e503ea4df

Malware Config

Extracted

Family bitrat
Version 1.38
C2

learnatallcost2.ddns.net:9050

Attributes
communication_password
4a3e00961a08879c34f91ca0070ea2f5
tor_process
tor
Targets
Target

hta.hta

MD5

3aeb3119d5782739c238aa5c216f706e

Filesize

3MB

Score
10/10
SHA1

68e8ce8c8a39660555661d7436d9081ec2454dfa

SHA256

12138c2aca3eaebf6c6b3f1b7b24c68ea5b9d29d4e88ed8412b46b5ce8feb2bb

SHA512

fe47a283d8ddd9782a7ac9e9f77c427dd528fd3e8536c3a9e32c147313df326e256f8660c6633621b7282928bd02fa2cc7019cef2030ce4c09dd551e503ea4df

Tags

Signatures

  • BitRAT

    Description

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    Tags

  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10