Bon de commande.exe

General

Target: Bon de commande.exe
Size: 26KB
Sample: 220121-qjlbxahfhm
Score: 10/10
MD5: 00286c04e7817a33d830719ef9afda61
SHA1: 3e59b07e3aa255dc4086c9c631d814ac201e9951
SHA256: 263b305d6a17491a0dd9dd32c5e56536263326e716e0474a132c1d8f8cc0878d
SHA512: 917d83abba42301eabf3e5bdc7450300150925955cc2b6ddb40b28338c2014ec30c234fad245bc19f5d5345f5ad5de55e0a738e7bb9fa96b765117c3410a8612

Malware Config

Extracted

Family: bitrat
Version: 1.38
C2: severdops.ddns.net:3071
Attributes:
  communication_password: 29ef52e7563626a96cea7f4b4085c124
  tor_process: tor
Targets

Target: Bon de commande.exe

Signatures

  • BitRAT: BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

  • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

  • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application. TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext
