General

  • Target

    Server.ps1

  • Size

    3.1MB

  • Sample

    220506-pjwxzahgh4

  • MD5

    130807ee9aae9a5ba0c206b6eeb74982

  • SHA1

    8970a669e4b1f1a2b42486ee5d9968bd466d523a

  • SHA256

    3cead87d0418ee97c2fbddf19c699c58203c40e524e76bb08f26dcce9eb6dfdf

  • SHA512

    b14fb98990e827f7a7fc7f09174ba34ba66dac16b8a47037fc463aa344d2b102fa67628a270919b88262c70594c7f7dbede6cb056a6e08a88a43673f522fabee

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitratnew9200.duckdns.org:9200

Attributes

  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
