General

  • Target

    Order-801273.exe

  • Size

    400.0MB

  • Sample

    220518-nq1dashcc4

  • MD5

    c9a9d18ead3057717c60eefeaf011ba4

  • SHA1

    af5ba38e123ca5978463f94941c9713cf62d7829

  • SHA256

    3ebc4d88afd107563375136bce533101692f2fd8dbe38ee57bc192c8ff58168b

  • SHA512

    4599d8710065d5a6ec36e6112bc45955bd3fd9131d215d7a9e34bac880661c5c3d51694f78e85bd578747e0bcffd531a2f77351e1aebec5cebbeabdd67f0daa9

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

kot-pandora.duckdns.org:24993

Attributes
  • communication_password

    d6723e7cd6735df68d1ce4c704c29a04

  • tor_process

    tor

Targets

    • Target

      Order-801273.exe

    • Size

      400.0MB

    • MD5

      c9a9d18ead3057717c60eefeaf011ba4

    • SHA1

      af5ba38e123ca5978463f94941c9713cf62d7829

    • SHA256

      3ebc4d88afd107563375136bce533101692f2fd8dbe38ee57bc192c8ff58168b

    • SHA512

      4599d8710065d5a6ec36e6112bc45955bd3fd9131d215d7a9e34bac880661c5c3d51694f78e85bd578747e0bcffd531a2f77351e1aebec5cebbeabdd67f0daa9

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks