General

  • Target

    7626356148.zip

  • Size

    1.5MB

  • Sample

    220621-tz5x2aabd9

  • MD5

    95a4755e4c0da8d68871013d4cfd4f27

  • SHA1

    a4c2606ed8e316e1f95a5f995df9fd0312de8490

  • SHA256

    e0f298edfbcb95ec248fb23a3eefb54886e882371e0f28abfabaf1e00e73b9ef

  • SHA512

    06d4b9cc76fa187ff2f2fae9f378d74be39c0ff4bee0d660eeec3a249f7ad370a427826a0c73486430c48f44dc86f55a61997773c0138e859bf0d2e994f38950

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9400.duckdns.org:9400

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • Target

      VAMSKIDH_INVOICE.exe

    • Size

      200.0MB

    • MD5

      cf46eb85c503955b25cb4b2ab6051357

    • SHA1

      dcfc790d0c190ba754e97d86ee9b9fad6e2ae079

    • SHA256

      a19a136b09c11bb722d6aec359d0cd517a38c87b9f34ec82ed6c4adf6884b41f

    • SHA512

      3ce4f1acddd9a9b0db87b93c8af2b0df21f36b58fb47bb053c5ec1782b7bea7e161016f8bc3ba3388db7511ec146a26ceba894c4032b7e79708a3a5280ddd1b2

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (1) T1053

  • Persistence

    Scheduled Task (1) T1053

  • Privilege Escalation

    Scheduled Task (1) T1053
