Overview

overview

10

Static

static

mrkbkdFdag.exe

windows7_x64

10

mrkbkdFdag.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mrkbkdFdag.exe

  • Size

    1.6MB

  • Sample

    220621-s8hy7ahfc4

  • MD5

    cf6e51ffe0d98c19e74880e8ce170a9a

  • SHA1

    2709d62f268d92c5d43aece4bd2089dace55c1ad

  • SHA256

    23e10e6ce7df576f68283f2ceb00b0975170a3ef778161b35e3bbb578b4c7416

  • SHA512

    25ff5c51aea16dc4f2ae5eb70f403eb2d386018297b86d0ccf4fe4dce6929d1409ae831c2721c404e9f58472873ce6e6b87a419b2355aee7fda7773366aab03a

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9400.duckdns.org:9400

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • Target

      mrkbkdFdag.exe

    • Size

      1.6MB

    • MD5

      cf6e51ffe0d98c19e74880e8ce170a9a

    • SHA1

      2709d62f268d92c5d43aece4bd2089dace55c1ad

    • SHA256

      23e10e6ce7df576f68283f2ceb00b0975170a3ef778161b35e3bbb578b4c7416

    • SHA512

      25ff5c51aea16dc4f2ae5eb70f403eb2d386018297b86d0ccf4fe4dce6929d1409ae831c2721c404e9f58472873ce6e6b87a419b2355aee7fda7773366aab03a

    Score
    10/10
    bitrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks