General

  • Target

    6cd1ceb6a9ceb4218c023fbb6be825fec81d9341849bf25fc659c4974864da0e

  • Size

    3.3MB

  • Sample

    220513-n92qgafca5

  • MD5

    af3d87b1bbf5db0a0fd3517915ac6efc

  • SHA1

    a3c0ac37e224e9d0d96d255c3deca5515d12a307

  • SHA256

    6cd1ceb6a9ceb4218c023fbb6be825fec81d9341849bf25fc659c4974864da0e

  • SHA512

    329e86269bc756cfb926e120234be1e3ca694485e0a6af989d62f3b8358bac4ac90713c89fd0b9e8e785b2dd724087f14f878bff8af8862f428c0c70af8a408b

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

https.myvnc.com:9111

Attributes
  • communication_password

    c4ca4238a0b923820dcc509a6f75849b

  • tor_process

    tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks