General

  • Target: 4e3056448e294407b47e08e4dd3364b14acc1fe05d602cbe3347e10800f925ae
  • Size: 4.6MB
  • Sample: 220510-2lmtashfh3
  • MD5: f0fd5d38ffa54d8dfd6456c0b7a8664b
  • SHA1: 36387a6cd5c900fb78e6fc67a88e84a472d05b61
  • SHA256: 4e3056448e294407b47e08e4dd3364b14acc1fe05d602cbe3347e10800f925ae
  • SHA512: 80b57e0e8feb4241631adfd73678ea8c4094397c4053855bfd3cce2d4762be8c67da46fe3e41b73766596723d370692cb31a75ba2bf475b40f2c4f2c1a9eb7db

Score
10/10

Malware Config

Extracted

  • Family: bitrat
  • Version: 1.38
  • C2: https.myvnc.com:9111
  • Attributes
      • communication_password: c4ca4238a0b923820dcc509a6f75849b
      • tor_process: tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
