General

  • Target

    F6SNA4S9KD7_ETRANSFER_RECEIPT.zip

  • Size

    1.8MB

  • Sample

    220606-xlfmrsfbcr

  • MD5

    c4c2eae78a0a4f448b8111454da6bfce

  • SHA1

    1ce0ffe7b3b0196938c5783e24e8a3b57b077552

  • SHA256

    3368c73256020d0096f04966c0e7443d1d6d2337c080c370fd7ceb8f1fcf3314

  • SHA512

    0bd8508e1398be29d86cd8367d81ef41336ee886e6433dda8cd8bbbc81ae990c8a9e22baba4d42010f6ed9a04febcffd86ed50d457cee3b445eac3ff85061479

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes

  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • Target

      F6SNA4S9KD7_ETRANSFER_RECEIPT.iso

    • Size

      300.6MB

    • MD5

      c1236b62b55e2f52d0d4cfa4f20af1a7

    • SHA1

      87e757fd829df3d0adfa66e99aa755f3c3d399a2

    • SHA256

      57b0116b1304296ff75e986d2dfcb2933331e9ca6336026bd4fdca89b0209acf

    • SHA512

      7e4742bd70e98d4647a86251c0fdee7f5b1dc999813033815b87910dd6d3ec9ea737c0d9d43d9714a7cbc53849d20e14cb540614613da05f573b5935f140da4d

    • Score

      3/10

    • Target

      F6SNA4S9KD7_ETRANSFER_RECEIPT.exe

    • Size

      300.0MB

    • MD5

      57b653c941b2f756f705dc40d5abf80e

    • SHA1

      c0c0101c1b2a523e6baf7964ba94e733fae77c32

    • SHA256

      deacd98df57ca5cab910cab1fba939fd02eab616cb70993fd5eae81c6547cda0

    • SHA512

      be671100021853d8932b48dcda89e63a79832d7ff030527e69cee5076b8d247c206a12707330698d8781ea7a43f5758323f6f4a9627389e98be41ce029ef717f

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (1) – T1053

  • Persistence

    Scheduled Task (1) – T1053

  • Privilege Escalation

    Scheduled Task (1) – T1053

  • Discovery

    System Information Discovery (1) – T1082

Tasks