General

  • Target

    5204583970930688.zip

  • Size

    1.5MB

  • Sample

    220121-1adktabcc3

  • MD5

    abe355c5e74e651176bc433d272408bd

  • SHA1

    e01e4fe0c2c21ee6a61d41d9b4d2c09d2724f67d

  • SHA256

    973926297abfda903b9b6ef303f7b0b6c7eddb184f9f26563a5adea43915ce8d

  • SHA512

    830518e3a80189825b2eadb492f171275b53b9fbb2527d949581132ce05a309ed8518aef55a0837b16563ae5ccbfa415df515a1a74e4c97894eed5b7adabb6bc

Score
10/10

Malware Config

Extracted

  • Family

    bitrat

  • Version

    1.38

  • C2

    yakbitpeople.duckdns.org:9175

Attributes
  • communication_password

    827ccb0eea8a706c4c34a16891f84e7b

  • tor_process

    tor

Targets

    • Target

      e-transfer.exe

    • Size

      300.0MB

    • MD5

      affebb601f181b9c290753caae06050a

    • SHA1

      64942ee5d84b1a2262d02a1dd0ae1aa6e8b66486

    • SHA256

      e2ce88575e964545d834e0bae841ec554b02fa4a290e645e19cb7556123bb49e

    • SHA512

      3870beafddb9972863a2b0d74eeded9bd21eb3b8c13563808754927ce3a29579adad56e7eb3bc37b4777cb16caea0d9d5d233b01432aa42fe0c5ecafc3c025b2

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053), 1

  • Persistence

    Scheduled Task (T1053), 1

  • Privilege Escalation

    Scheduled Task (T1053), 1

Tasks