General

  • Target: TODAY PAYMENT.zip
  • Size: 1.8MB
  • Sample: 220627-wdevtscfbq
  • MD5: f5158c2e0fcada41efb90647a56be12e
  • SHA1: 6ded28917e702c8ae74181dc22b99e701571bc5a
  • SHA256: 68599aed1a59ea181bd317a0ac5ec38b57c2537c4ef3ef606708576bf87036c7
  • SHA512: d8adbe26fede56535856c7c380fccab1c44abc9bb037db801910f943fa3f68927bf069ba458fea93e4befcc86629b9e7bfac37f7236f181aa9b008bb80809a7e

Score
10/10

Malware Config

Extracted

  • Family: bitrat
  • Version: 1.38
  • C2: bitrat9400.duckdns.org:9400
  • Attributes
    • communication_password: e10adc3949ba59abbe56e057f20f883e
    • tor_process: tor

Targets

    • Target: vnhgf.exe
    • Size: 300.0MB
    • MD5: a5335343971e56e6ff268dcfe8774ae9
    • SHA1: 25c8a25b5c1dd7913e4447dd15056afd52d95c4a
    • SHA256: 1a66d08dd756f9fe6f3e936fb3b7c245d46b267c2512c997df86030e9d634734
    • SHA512: 8ef2c8eff3ea1c26fd5c202aaad0fb6e6c2f895b791e47422aa7a34b879633d531d43328767b82df977ad53528d21359897f701c0e8d1018ca935c353aa91ca4

    Score
    10/10

    • BitRAT: BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
    • Executes dropped EXE
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task, T1053 (1)
  • Persistence: Scheduled Task, T1053 (1)
  • Privilege Escalation: Scheduled Task, T1053 (1)