hta.hta

Target

hta.hta

Size

3MB

Sample

220120-fqb2psfhg7

Score

10 ^/10

MD5

3aeb3119d5782739c238aa5c216f706e

SHA1

68e8ce8c8a39660555661d7436d9081ec2454dfa

SHA256

12138c2aca3eaebf6c6b3f1b7b24c68ea5b9d29d4e88ed8412b46b5ce8feb2bb

SHA512

fe47a283d8ddd9782a7ac9e9f77c427dd528fd3e8536c3a9e32c147313df326e256f8660c6633621b7282928bd02fa2cc7019cef2030ce4c09dd551e503ea4df

Extracted

Family	bitrat
Version	1.38
C2	learnatallcost2.ddns.net:9050 learnatallcost2.ddns.net:9050
Attributes	communication_password 4a3e00961a08879c34f91ca0070ea2f5 tor_process tor

Target

hta.hta

MD5

3aeb3119d5782739c238aa5c216f706e

Filesize

3MB

Score

10^/10

SHA1

68e8ce8c8a39660555661d7436d9081ec2454dfa

SHA256

12138c2aca3eaebf6c6b3f1b7b24c68ea5b9d29d4e88ed8412b46b5ce8feb2bb

SHA512

fe47a283d8ddd9782a7ac9e9f77c427dd528fd3e8536c3a9e32c147313df326e256f8660c6633621b7282928bd02fa2cc7019cef2030ce4c09dd551e503ea4df

Signatures

BitRAT
Description

BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
Tags

trojan bitrat
UPX packed file
Description

Detects executables packed with UPX/modified UPX open source packer.
Tags

upx
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext

Related Tasks

behavioral1

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

bitrat trojan upx

10^/10

Extracted

Tags

Signatures

BitRAT

Description

Tags

UPX packed file

Description

Tags

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1