Overview

overview

10

Static

static

dd076dcb01...25.exe

windows7_x64

10

dd076dcb01...25.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dd076dcb0105055efd6e3bb1a8ad0116e600447a80788081a38b67c120b61a25

  • Size

    2.1MB

  • Sample

    220121-21yjcacbb9

  • MD5

    3112f00605198acf9bb536f4857acbc8

  • SHA1

    6a2baf266241e6d5ef90b05c9bfcef31adc34dff

  • SHA256

    dd076dcb0105055efd6e3bb1a8ad0116e600447a80788081a38b67c120b61a25

  • SHA512

    3621785e59eeb83679cc8d9e4a224f2c1147e4f2a35863160b9519d330741968b787e46b4f9bbdb615fca6a4eafc31cd86fa29321fa8652a20cf16afa34b3f60

Score
10/10
bitratpersistencetrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.35

C2

publiquilla.linkpc.net:9096

Attributes
  • communication_password

    bfdba24ee3d61f0260c4dc1034c3ee43

  • install_dir

    antivirusscamdefenderlogss

  • install_file

    antivirusscamdefenderlog.exe

  • tor_process

    tor

Targets

    • Target

      dd076dcb0105055efd6e3bb1a8ad0116e600447a80788081a38b67c120b61a25

    • Size

      2.1MB

    • MD5

      3112f00605198acf9bb536f4857acbc8

    • SHA1

      6a2baf266241e6d5ef90b05c9bfcef31adc34dff

    • SHA256

      dd076dcb0105055efd6e3bb1a8ad0116e600447a80788081a38b67c120b61a25

    • SHA512

      3621785e59eeb83679cc8d9e4a224f2c1147e4f2a35863160b9519d330741968b787e46b4f9bbdb615fca6a4eafc31cd86fa29321fa8652a20cf16afa34b3f60

    Score
    10/10
    bitratpersistencetrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks