General

  • Target

    7581476122.zip

  • Size

    1.5MB

  • Sample

    220617-wld89schbk

  • MD5

    52afa2f3b9a3dfadcf5fd7210b9aed06

  • SHA1

    1a5f3b36e0ba103d20089f4a34b4db5523d419c4

  • SHA256

    cf6d98bae753d07d6f8050ee48038f2969fa60b58d86c27a99330427b7c1b9ef

  • SHA512

    9b0223bca1843eca4ec0de4987184f8cbc52126f4c0e6858dd2c77697095bd9010774ba8248422e8364be91bf2d6f660e3d1a389da02c7f3c755101a2c9ae7d9

Score
10/10

Malware Config

Extracted

  • Family

    bitrat

  • Version

    1.38

  • C2

    bitrat9300.duckdns.org:9300

Attributes

  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • Target

      BUD6HCGS_ETRANSFER_RECEIPT.exe

    • Size

      200.0MB

    • MD5

      4adbac216516812a5aaef7114bfb7113

    • SHA1

      68e86d9070f63bb4860ba87cc6414b2dfcf47da8

    • SHA256

      839907fe5e1d61d13e9e4242f6bb3d983b14f972f32b8cfa7f04ccb7c0e3e735

    • SHA512

      f196da861aa55c1683e7bfb02c386eb5bcbbd27deffd46fda045d05d84109cfcd61b58d79bd6667588a1359e9b979be4c9b8b022453d71409b64c8fe5160dbd1

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (1) T1053

  • Persistence

    Scheduled Task (1) T1053

  • Privilege Escalation

    Scheduled Task (1) T1053
