General

  • Target

    Ccanfnr.exe

  • Size

    65KB

  • Sample

    220602-xjj76sabh7

  • MD5

    41365f2622c47f607f25da8c7ea1b859

  • SHA1

    f42a247310298c0d1f35562effe88a363200c2d6

  • SHA256

    524a9dee690071ce0745f925aa6e4a7cac136f112c4a6f1b5a2015a65f4cc9df

  • SHA512

    b925d44282ff6bb3f97f0ad1d86a83011dc226122c254e68d3ad1ba1699503979ca4ffcfa2c18957d949d269f2ae792b614d5d713c6d629c5d3e79c055586216

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

gfeqqgeag.duckdns.org:1880

Attributes

  • communication_password

    202cb962ac59075b964b07152d234b70

  • tor_process

    tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks