General

  • Target: 5adb53ca4445f20c2a26f896b636ad86b87ddff1aa85866a73a877f6ad1a51bc
  • Size: 2.0MB
  • Sample: 220121-3t6rtadhhk
  • MD5: fc350ce8e12c4aa48d74e404cb028359
  • SHA1: d787d46e6aef00e6766cc60d471df7e58009b276
  • SHA256: 5adb53ca4445f20c2a26f896b636ad86b87ddff1aa85866a73a877f6ad1a51bc
  • SHA512: 90e04be0318dff154236a340b347b2d7e237513afe5211dc87b3e5776d542f378edf9aa50ab31a09b1b0bd2aed62931e1477cdcd8b612455f85849f139bff5fc

Malware Config

Extracted

  • Family: bitrat
  • Version: 1.35
  • C2: publiquilla.linkpc.net:9089
  • Attributes
      • communication_password: bfdba24ee3d61f0260c4dc1034c3ee43
      • install_dir: windowssecurirysercivehealtht
      • install_file: windowssecuritrysercive.exe
      • tor_process: tor

Targets

    • Target: 5adb53ca4445f20c2a26f896b636ad86b87ddff1aa85866a73a877f6ad1a51bc
    • Size: 2.0MB
    • MD5: fc350ce8e12c4aa48d74e404cb028359
    • SHA1: d787d46e6aef00e6766cc60d471df7e58009b276
    • SHA256: 5adb53ca4445f20c2a26f896b636ad86b87ddff1aa85866a73a877f6ad1a51bc
    • SHA512: 90e04be0318dff154236a340b347b2d7e237513afe5211dc87b3e5776d542f378edf9aa50ab31a09b1b0bd2aed62931e1477cdcd8b612455f85849f139bff5fc
    • BitRAT: BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder (T1060): 1
  • Defense Evasion: Modify Registry (T1112): 1

Tasks