General

  • Target

    493141e2ee8109f97bd9c700bf9a1f2c79b1a6cdd089f95f16ca9974abcff80e

  • Size

    2.1MB

  • Sample

    220130-sg43cadee7

  • MD5

    9614b215f5218f198dde99788821ec93

  • SHA1

    5f16b241acd525a65262d67b273ab7ac5ae22b02

  • SHA256

    493141e2ee8109f97bd9c700bf9a1f2c79b1a6cdd089f95f16ca9974abcff80e

  • SHA512

    a4239c25cc0e2f3a1c6df91d65783c41fa7e484b47162cd2664d4926bcb677fcf0fc3550de0f7a68b0057c9f88f8bb34663e086bac11918b4ecd677e06d3072d

Malware Config

Extracted

  • Family

    bitrat

  • Version

    1.35

  • C2

    publiquilla.linkpc.net:9096

Attributes

  • communication_password

    bfdba24ee3d61f0260c4dc1034c3ee43

  • install_dir

    antivirusscamdefenderlogss

  • install_file

    antivirusscamdefenderlog.exe

  • tor_process

    tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ that incorporates leaked source code from other malware families.

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1 signature

  • Defense Evasion

    Modify Registry (T1112): 1 signature

Tasks