bitrat | 8a5492235174eed38c4ed85ce6a13f0076cb73c50fb8f1cad704551403a85e63 | Triage

Submit
Reports

Overview

overview

Static

static

NWASW.exe

windows7_x64

NWASW.exe

windows10-2004_x64

Resubmissions

14-04-2022 13:04

220414-qa3vlahfek 10

31-03-2022 14:57

220331-sb2p2adfa4 8

Sharing

General

Target

NWASW.exe
Size

1.4MB
Sample

220414-qa3vlahfek
MD5

f50b3a031cb4b833464495e0241bda98
SHA1

54c66169986c8a238aa0e6cf5fb537e31a9f716a
SHA256

8a5492235174eed38c4ed85ce6a13f0076cb73c50fb8f1cad704551403a85e63
SHA512

37b27936616e0d3d4a7cc395896da6c21f6a2412e789ee48ee53fe0521f5ee65acf7b3b8ea602ec6aab0fe2cd52a927fb054c6e2a20624d6512e0f99a809c562

Score

10^/10

bitrat suricata upx

Static task

static1

Behavioral task

behavioral1

Sample

NWASW.exe

Resource

win7-20220331-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

NWASW.exe

Resource

win10v2004-20220310-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

zopp.nerdpol.ovh:2222

Attributes

communication_password
653d716345d8915046b904b90f41f271
tor_process
tor

Targets

- Target
  
  NWASW.exe
- Size
  
  1.4MB
- MD5
  
  f50b3a031cb4b833464495e0241bda98
- SHA1
  
  54c66169986c8a238aa0e6cf5fb537e31a9f716a
- SHA256
  
  8a5492235174eed38c4ed85ce6a13f0076cb73c50fb8f1cad704551403a85e63
- SHA512
  
  37b27936616e0d3d4a7cc395896da6c21f6a2412e789ee48ee53fe0521f5ee65acf7b3b8ea602ec6aab0fe2cd52a927fb054c6e2a20624d6512e0f99a809c562
Score

10^/10

suricata
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy