Overview

overview

10

Static

static

10

sample.exe

windows7_x64

10

sample.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample.exe

  • Size

    5.7MB

  • Sample

    220130-w5qfmshbg4

  • MD5

    b98785b20bc7c89ca6822a14068bfdd9

  • SHA1

    4ad68bfe2a0f215478e56b25ce058345d6ccce33

  • SHA256

    065d835e97dcd0e648e4114cb7f5d65eeb20d9bf16eb421fe547990b0d376b7c

  • SHA512

    2929a40d52b23728ceac807f08161e22d350a51ab1d56fe25c49c7d5c38564f277bb3c98733b7527e07cafece9c1b286605a7e8b195acc3460f9fb7e98f77f8c

Score
10/10
bitratpersistencetrojan

Malware Config

Targets

    • Target

      sample.exe

    • Size

      5.7MB

    • MD5

      b98785b20bc7c89ca6822a14068bfdd9

    • SHA1

      4ad68bfe2a0f215478e56b25ce058345d6ccce33

    • SHA256

      065d835e97dcd0e648e4114cb7f5d65eeb20d9bf16eb421fe547990b0d376b7c

    • SHA512

      2929a40d52b23728ceac807f08161e22d350a51ab1d56fe25c49c7d5c38564f277bb3c98733b7527e07cafece9c1b286605a7e8b195acc3460f9fb7e98f77f8c

    Score
    10/10
    bitratpersistencetrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • BitRAT Payload

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks