General

  • Target

    3347dda6585fa274930bf6e9fc8193d07bf088130adfba6a2078be21bcb2ab18

  • Size

    794KB

  • Sample

    220516-tvn4qaadh6

  • MD5

    c9173a4e86b153cb3aa7ee398ea3f570

  • SHA1

    2b1dc343af4f6a597e36be94e3945372f7221b22

  • SHA256

    3347dda6585fa274930bf6e9fc8193d07bf088130adfba6a2078be21bcb2ab18

  • SHA512

    0266d45f75a8746edf8234c62856cdb9ff89c582a8fb98e6af198bb9c3fd317b686400b006fe2987e2f6ff36cea78af515054fc1bb646e59c651387be5a84254
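Before spending any analysis time on a file, confirm it is the sample the digests above describe. The following Python is an added example, not part of the sandbox report; it embeds the report's four digests and compares a file on disk against them algorithm by algorithm, so a single mismatching field (a transcription error in the report, or a different file altogether) is visible rather than hidden behind a bare "does not match".

```python
import hashlib
import sys

# Digests published in the report for this sample (copied from the General section).
REPORT_DIGESTS = {
    "md5": "c9173a4e86b153cb3aa7ee398ea3f570",
    "sha1": "2b1dc343af4f6a597e36be94e3945372f7221b22",
    "sha256": "3347dda6585fa274930bf6e9fc8193d07bf088130adfba6a2078be21bcb2ab18",
    "sha512": "0266d45f75a8746edf8234c62856cdb9ff89c582a8fb98e6af198bb9c3fd317b"
              "686400b006fe2987e2f6ff36cea78af515054fc1bb646e59c651387be5a84254",
}


def compute_digests(data: bytes, algorithms=tuple(REPORT_DIGESTS)) -> dict:
    """Hash the bytes once per algorithm name; hashlib.new() accepts all four."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algorithms}


def verify_sample(data: bytes, expected: dict = REPORT_DIGESTS) -> dict:
    """Per-algorithm match against the published digests.

    All True: the bytes are the reported sample.  All False: a different file.
    A mix means one of the published values is wrong or was copied badly.
    """
    actual = compute_digests(data, expected)
    return {alg: actual[alg] == value.strip().lower() for alg, value in expected.items()}


if __name__ == "__main__":
    # Usage: python verify_sample.py <file> [<file> ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            result = verify_sample(fh.read())
        print(path, "MATCH" if all(result.values()) else "MISMATCH", result)
```

Treat MD5 and SHA-1 as lookup keys for other vendors' reports only; the identity check is the SHA-256/SHA-512 match.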

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • BitRAT Payload

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Adds Run key to start application

      Persistence: a value written under HKCU\ or HKLM\Software\Microsoft\Windows\CurrentVersion\Run relaunches the binary at every logon.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Anti-debugging: NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from reporting debug events, so breakpoints placed in that thread never reach an attached debugger.

    • Suspicious use of SetThreadContext

      Injection: rewriting another thread's register context, typically the entry point of a suspended process's main thread, is the final step of process hollowing and similar techniques a loader uses to hand control to a decoded payload.
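The "UPX packed file" signature above is the one you can reproduce offline without running the sample. The following Python is an added example, not the sandbox's own detection logic: it reads the PE section table with struct (no pefile dependency) and reports the three static tells of UPX, the default section names UPX0/UPX1, a large section with no raw bytes (UPX0, which the stub fills at run time), and high Shannon entropy in the section holding the compressed image. Because a modified UPX build can rename its sections, the verdict does not rely on names alone. build_pe and the three sample images are constructed here for the demonstration and are not the analysed file.

```python
import hashlib
import math
import struct
import sys

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniform; compressed or encrypted data sits above ~7."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes):
    """Yield (name, virtual_size, raw_ptr, raw_size) for each IMAGE_SECTION_HEADER."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER follows the 4-byte signature: NumberOfSections at +2,
    # SizeOfOptionalHeader at +16; the section table follows the optional header.
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        yield name.rstrip(b"\0"), vsize, rptr, rsize


def upx_indicators(data: bytes) -> dict:
    """Static UPX heuristics over the section table of a PE image."""
    names, empty, high = [], [], []
    for name, vsize, rptr, rsize in pe_sections(data):
        label = name.decode(errors="replace")
        if name in UPX_SECTION_NAMES:
            names.append(label)
        if rsize == 0 and vsize >= 0x1000:
            empty.append(label)          # reserved for the unpacked image
        elif shannon_entropy(data[rptr:rptr + rsize]) > 7.0:
            high.append(label)           # compressed payload plus stub
    return {
        "upx_names": names,
        "empty_sections": empty,
        "high_entropy": high,
        # Renamed sections (modified UPX) still show the empty+high-entropy pair.
        "packed": bool(names) or (bool(empty) and bool(high)),
    }


def build_pe(sections) -> bytes:
    """Construct a minimal PE32 image (DOS header, NT headers, section table, raw data)
    for testing; sections is a list of (name, virtual_size, raw_bytes)."""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt_hdr = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    raw_ptr = (e_lfanew + 24 + opt_size + 40 * len(sections) + 0x1FF) & ~0x1FF
    table, blobs, vaddr = b"", b"", 0x1000
    for name, vsize, raw in sections:
        ptr = (raw_ptr + len(blobs)) if raw else 0
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                             len(raw), ptr, 0, 0, 0, 0, 0xE0000020)
        blobs += raw
        vaddr += (max(vsize, len(raw)) + 0xFFF) & ~0xFFF
    image = dos + b"PE\0\0" + file_hdr + opt_hdr + table
    return image + b"\0" * (raw_ptr - len(image)) + blobs


# Constructed inputs: 4 KiB of deterministic pseudo-random bytes stands in for
# compressed data; repeated opcodes stand in for ordinary code.
PSEUDO_RANDOM = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLE_UPX = build_pe([(b"UPX0", 0x30000, b""), (b"UPX1", 0x1000, PSEUDO_RANDOM),
                       (b".rsrc", 0x200, b"\0" * 504 + b"MAINICON")])
SAMPLE_RENAMED = build_pe([(b"CODE", 0x30000, b""), (b"DATA", 0x1000, PSEUDO_RANDOM)])
SAMPLE_PLAIN = build_pe([(b".text", 0x400, b"\x55\x8b\xec" * 300 + b"\xc3"),
                         (b".data", 0x200, b"\0" * 512)])

if __name__ == "__main__":
    # Usage: python upx_check.py <file> [<file> ...]; with no arguments, the samples.
    targets = {p: open(p, "rb").read() for p in sys.argv[1:]} or \
        {"upx": SAMPLE_UPX, "renamed": SAMPLE_RENAMED, "plain": SAMPLE_PLAIN}
    for label, image in targets.items():
        print(label, upx_indicators(image))
```

A positive result only says the file is packed; unpack it (upx -d for an unmodified build, or dump the process after the stub has run) before looking for BitRAT or ModiLoader indicators in the code.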
