General

  • Target

    F6SNA4S9KD7_ETRANSFER_RECEIPT.exe

  • Size

    1.4MB

  • Sample

    220607-tb73gsbac8

  • MD5

    cc065fdab084a5641fb063425a9b3a29

  • SHA1

    24957d8aedb7b77d89a8b43c1223f5b2c58e5592

  • SHA256

    ecd4c729aa757a8833d0fca4a19208fe2c53c006613b4b81e79cba82d960f48b

  • SHA512

    6742edc01b8757618f621a1666afdf2faa49dd69c78f4ecd12067af982d2783a880be6c6a943e18f993056cb3f10524024eb0b11724bdacc45c3ce9b949182e4

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes

  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • Target

      F6SNA4S9KD7_ETRANSFER_RECEIPT.exe

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
