Overview

overview

10

Static

static

JO37GDDJF5...PT.exe

windows7_x64

10

JO37GDDJF5...PT.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9cffb6211e8011ba4c01d72c0b34492c

  • Size

    2.5MB

  • Sample

    220621-r8g68aedhl

  • MD5

    9cffb6211e8011ba4c01d72c0b34492c

  • SHA1

    3eb1273e0e6516ad90fe2417844523da85006ea6

  • SHA256

    234cad9129c3468824397de31f34b9a564f5e49f2312f057be94cae409004daf

  • SHA512

    da8a36913246e54c21e06bad78d471b5aedb74fe6cc27d363e1003ed299ac9d3285231b8cbc0a0bbde9a75c668695d0f9f63db711b4d8a803b2941552daf2373

Score
10/10
bitratsuricatatrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • Target

      JO37GDDJF5_ETRANSFER_RECEIPT.exe

    • Size

      300.0MB

    • MD5

      9f791a0a9f76db609b44f0e3bf7bdef5

    • SHA1

      0481f2e178c7a34b3d855e5c53553337fe2008ed

    • SHA256

      ccd71d751bf017dee31f76eceded9aa6832f5e19b5389584d3665f76b4f0caf2

    • SHA512

      06889bebdf092e4f1563e697e9c619a147954ffcb1f9dd9e9a9238d1410442373f95558c02e6bae6f5d832f89a46eab8b08114699f7321ce2e1150a69f1ad1ee

    Score
    10/10
    bitratsuricatatrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

      suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)

      suricata

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks