9618345aad276496e7d33d390a0cdf5e

General
Target

9618345aad276496e7d33d390a0cdf5e

Size

322KB

Sample

220120-zwc1qsbfg9

Score
10 /10
MD5

9618345aad276496e7d33d390a0cdf5e

SHA1

49ea625e58a17a1992c767fc7afb137dbfd0419a

SHA256

dc9ddeb5493a529530acf29a62a5de10bef65ffb22ebea264818058bf9223ae6

SHA512

9c4d96bba45a6e589d597277d8454a89781a53b0b6419b4f4ef04f02576a424f7efdc5a9c4f5a426742544d6d054b1ab14aebad6a6a6a355c8c3a0345778ca6d

Malware Config

Extracted

Family bitrat
Version 1.38
C2

20deenero.con-ip.com:3005

Attributes
communication_password
202cb962ac59075b964b07152d234b70
install_dir
AppData
install_file
chrome.exe
tor_process
tor
Targets
Target

9618345aad276496e7d33d390a0cdf5e

MD5

9618345aad276496e7d33d390a0cdf5e

Filesize

322KB

Score
10/10
SHA1

49ea625e58a17a1992c767fc7afb137dbfd0419a

SHA256

dc9ddeb5493a529530acf29a62a5de10bef65ffb22ebea264818058bf9223ae6

SHA512

9c4d96bba45a6e589d597277d8454a89781a53b0b6419b4f4ef04f02576a424f7efdc5a9c4f5a426742544d6d054b1ab14aebad6a6a6a355c8c3a0345778ca6d

Tags

Signatures

  • BitRAT

    Description

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    Tags

  • Sets service image path in registry

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    behavioral1

                    10/10

                    behavioral2

                    10/10