General

  • Target

    23a7e72952bc225dfd94fe5ffc9d6e01bffe94ae20f5eab2504917f4a215dc0b

  • Size

    1.6MB

  • Sample

    220612-a6qbdabfa5

  • MD5

    c3d0545d3f41211e63ebd64f7532aa78

  • SHA1

    6f6c9d06b4ef863ab88d3dd333fa04e0c6d78dd2

  • SHA256

    23a7e72952bc225dfd94fe5ffc9d6e01bffe94ae20f5eab2504917f4a215dc0b

  • SHA512

    bed9f48dca60964e2c4cfeb6352f331e7d3b57cb70326dc91cc53b2b56fc3deccc7da5a65e920058668b0c6bb299db5f8d7c8f3484fa17b8f2678d7b0f95b54c

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.33

C2

79.134.225.40:9208

Attributes
  • communication_password

    77555ad472635aa7bc68409c04b44135

  • tor_process

    tor

Targets

    • Target

      reports_with_briefs/all_reports_compiled_xls_2020_contact_details.exe

    • Size

      1.7MB

    • MD5

      47b620b7cbd137f868164e97b3fb780f

    • SHA1

      25e8f4a8f2cec685a7c2e518b3d7c37a5207b66b

    • SHA256

      6614b6d818db6521977ffda9bf977df03f55ab9fbf2d91eccd4551bebf518521

    • SHA512

      9da78140c3e0b13defb4a686cad129c90268d3e8e2896e069e3c17461000bde9f08d0ad2fe71eb7f590a8ac9e3498556253f192aab28d90d6aa490da05d6d166

    Score

    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ that reuses leaked source code from other malware families.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
