General

  • Target

    4893180638691328.zip

  • Size

    1.5MB

  • Sample

    220121-2d3jsabeh9

  • MD5

    69a03d2288a1b9e316bf05c76aefd540

  • SHA1

    fe5aa10a58975f3f1eaacf737b45be7509638dd0

  • SHA256

    75639cd5a8a06fc5b613712776f209a28f665a875ab5cf24fe762c5e061d6efd

  • SHA512

    7dcf156ff5161a61410f75053b5a01b2291d8fe52ef81e705b284dc55550f62b01cc6917e5cc40b0c79d5c8b6ca84bbf4783826ac3630c6caa67dedbd6a011be

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

newbitpeople.duckdns.org:8185

Attributes
  • communication_password

    827ccb0eea8a706c4c34a16891f84e7b

  • tor_process

    tor

Targets

    • Target

      e-transfer.exe

    • Size

      300.0MB

    • MD5

      e7c42ecec20b2ecf8470f9f1fa23a521

    • SHA1

      0716d82f263acaa03a30831a5e13979e902d8d19

    • SHA256

      f38c72d43ccff7ee0243bb4c2aa2c44a725ebe2352bc8ab9887ee54f9e59ecb9

    • SHA512

      170b58d579cd0e9a2c268ab27c4b97c135c4b35140cfc347c9967edb5c2d0929e1790b5c3e556a779257c4763c7549a8d6c6a24eddb4a84866aa7a86d594f6f8

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task, T1053 (1)

  • Persistence

    Scheduled Task, T1053 (1)

  • Privilege Escalation

    Scheduled Task, T1053 (1)

Tasks