General

  • Target: F6SNA4S9KD7_ETRANSFER_RECEIPT.zip
  • Size: 1.8MB
  • Sample: 220606-svq3mshcf4
  • MD5: c4c2eae78a0a4f448b8111454da6bfce
  • SHA1: 1ce0ffe7b3b0196938c5783e24e8a3b57b077552
  • SHA256: 3368c73256020d0096f04966c0e7443d1d6d2337c080c370fd7ceb8f1fcf3314
  • SHA512: 0bd8508e1398be29d86cd8367d81ef41336ee886e6433dda8cd8bbbc81ae990c8a9e22baba4d42010f6ed9a04febcffd86ed50d457cee3b445eac3ff85061479

Score: 10/10

Malware Config

Extracted

  • Family: bitrat
  • Version: 1.38
  • C2: bitrat9300.duckdns.org:9300
  • Attributes
      • communication_password: e10adc3949ba59abbe56e057f20f883e
      • tor_process: tor

Targets

    • Target: F6SNA4S9KD7_ETRANSFER_RECEIPT.exe
    • Size: 300.0MB
    • MD5: 57b653c941b2f756f705dc40d5abf80e
    • SHA1: c0c0101c1b2a523e6baf7964ba94e733fae77c32
    • SHA256: deacd98df57ca5cab910cab1fba939fd02eab616cb70993fd5eae81c6547cda0
    • SHA512: be671100021853d8932b48dcda89e63a79832d7ff030527e69cee5076b8d247c206a12707330698d8781ea7a43f5758323f6f4a9627389e98be41ce029ef717f

    Score: 10/10

    • BitRAT
      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
    • Executes dropped EXE
    • UPX packed file
      Detects executables packed with the UPX open source packer or a modified UPX.
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (T1053): 1
  • Persistence: Scheduled Task (T1053): 1
  • Privilege Escalation: Scheduled Task (T1053): 1

Tasks