General

  • Target

    hta.hta

  • Size

    3.6MB

  • Sample

    220120-fqb2psfhg7

  • MD5

    3aeb3119d5782739c238aa5c216f706e

  • SHA1

    68e8ce8c8a39660555661d7436d9081ec2454dfa

  • SHA256

    12138c2aca3eaebf6c6b3f1b7b24c68ea5b9d29d4e88ed8412b46b5ce8feb2bb

  • SHA512

    fe47a283d8ddd9782a7ac9e9f77c427dd528fd3e8536c3a9e32c147313df326e256f8660c6633621b7282928bd02fa2cc7019cef2030ce4c09dd551e503ea4df

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

learnatallcost2.ddns.net:9050

Attributes
  • communication_password

    4a3e00961a08879c34f91ca0070ea2f5

  • tor_process

    tor
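The extracted config gives two directly actionable indicators: the sample hashes and the C2 hostname. The script below is an added example, not part of the sandbox report, that matches those indicators against local artifacts. The log lines and the byte string it hashes are constructed for illustration; the IOC values are copied from the report above.

```python
"""Match the indicators from the report above against local artifacts.

Added example, not part of the original sandbox report. The log lines and
the byte string fed to the hash check are constructed for illustration.
"""
import hashlib
import re

# Indicators copied verbatim from the report above.
SAMPLE_HASHES = {
    "md5": "3aeb3119d5782739c238aa5c216f706e",
    "sha1": "68e8ce8c8a39660555661d7436d9081ec2454dfa",
    "sha256": "12138c2aca3eaebf6c6b3f1b7b24c68ea5b9d29d4e88ed8412b46b5ce8feb2bb",
}
C2_HOST = "learnatallcost2.ddns.net"
C2_PORT = 9050

# Exact-host match: rejects "learnatallcost.ddns.net", "xlearnatallcost2...",
# and "learnatallcost2.ddns.net.evil", but accepts a trailing FQDN dot.
_HOST_RE = re.compile(
    r"(?<![\w.-])" + re.escape(C2_HOST) + r"\.?(?![\w.-])", re.IGNORECASE
)


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a blob, keyed like SAMPLE_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matching_algorithms(data: bytes) -> list:
    """Names of the report hashes this blob reproduces (all or none in practice)."""
    digests = file_hashes(data)
    return [algo for algo, value in SAMPLE_HASHES.items() if digests[algo] == value]


def c2_hits(log_lines) -> list:
    """Return (line_number, line) pairs that reference the C2 hostname.

    Matching is on the hostname only: 9050 is also the default Tor SOCKS
    port, so a bare port match would fire on legitimate local Tor clients.
    """
    return [
        (lineno, line)
        for lineno, line in enumerate(log_lines, start=1)
        if _HOST_RE.search(line)
    ]


# Constructed log lines (not real traffic): resolver and egress-firewall styles.
SAMPLE_LOG = [
    "2022-01-20T14:02:11Z dnsmasq[412]: query[A] learnatallcost2.ddns.net. from 10.0.0.23",
    "2022-01-20T14:02:11Z dnsmasq[412]: query[A] update.microsoft.com from 10.0.0.23",
    "2022-01-20T14:02:12Z fw: ALLOW tcp 10.0.0.23:51022 -> learnatallcost2.ddns.net:9050",
    "2022-01-20T14:05:40Z fw: ALLOW tcp 10.0.0.9:48211 -> 127.0.0.1:9050 (local tor socks)",
    "2022-01-20T14:06:01Z dnsmasq[412]: query[A] learnatallcost.ddns.net from 10.0.0.31",
]

if __name__ == "__main__":
    for lineno, line in c2_hits(SAMPLE_LOG):
        print(f"C2 hostname seen on line {lineno}: {line}")
    print("report hashes matched by constructed blob:", matching_algorithms(b"not the sample"))
```

The hostname, not the port, is the indicator worth alerting on: 9050 is the default Tor SOCKS port, and the tor_process attribute shows the sample brings a Tor client with it, so the actual C2 traffic may well leave the host as Tor rather than as a direct connection to the DDNS name. A DNS lookup of learnatallcost2.ddns.net from an endpoint is the cheapest reliable signal this config gives.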

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
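The "UPX packed file" signature is the first thing to confirm on the bench before looking at the anti-debug and thread-context behaviour, since a packed file will not show meaningful strings or imports until it is unpacked. The following is an added example, not the sandbox's own detection logic: a dependency-free walk of the PE section table that reports UPX-style section names and the "UPX!" pack-header magic. It runs on a constructed stub PE built by `build_stub_pe`, a helper written for this example.

```python
"""Triage check for the "UPX packed file" signature above.

Added example, not the sandbox's own detection logic. Parses the PE section
table without third-party libraries and reports UPX-style section names
plus the "UPX!" pack-header magic. A constructed stub PE is used as input.
"""
import struct

UPX_MAGIC = b"UPX!"


def pe_section_names(data: bytes) -> list:
    """Section names from a PE image (raises ValueError if it is not a PE)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    if coff + 20 > len(data):
        raise ValueError("COFF header truncated")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    names = []
    for i in range(nsections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Which UPX heuristics fire. Either alone is evidence; neither proves absence,
    because modified UPX builds commonly rename sections and strip the magic."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_magic": UPX_MAGIC in data,
    }


def build_stub_pe(section_names, extra=b"") -> bytes:
    """Constructed minimal PE: DOS header, PE signature, COFF header, section table.
    Not loadable, just enough structure for the parser above."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b"".join(
        n.encode("ascii")[:8].ljust(8, b"\0") + b"\0" * 32 for n in section_names
    )
    return dos + b"PE\0\0" + coff + table + extra


if __name__ == "__main__":
    packed = build_stub_pe(["UPX0", "UPX1", ".rsrc"], extra=b"\0" * 16 + UPX_MAGIC)
    print("packed stub:", upx_indicators(packed))
    print("plain stub: ", upx_indicators(build_stub_pe([".text", ".rdata", ".data"])))
```

When both heuristics are silent on a file the sandbox still flags, treat that as the "modified UPX" case the signature description mentions and fall back on section entropy or simply try `upx -d`; a stock UPX layer unpacks cleanly, a modified one usually does not, which is itself useful triage information.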
