Overview

overview

10

Static

static

10

44390430ef...b8.exe

windows7_x64

10

44390430ef...b8.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    44390430ef06d4c526cb24433728cae0a9d72897d5740b17f6adfb1f1178ddb8

  • Size

    3.8MB

  • Sample

    220707-yz8fdaaeej

  • MD5

    fa0ed279049035b9019eb20e1d0804e1

  • SHA1

    f8323bf5d5e5c63a26f65067954ba6fdbdb13f60

  • SHA256

    44390430ef06d4c526cb24433728cae0a9d72897d5740b17f6adfb1f1178ddb8

  • SHA512

    a19c621957550e1aa10e2e57596fb7f3f63aea8846a9e6d3744c5ba6a2268a32ac12acdc50bfc5fa16d5ac263fac298d78a72c5211746bc3aee55681e4a9dbde

Score
10/10
bitratpersistencetrojan

Malware Config

Extracted

Family

bitrat

Version

1.35

C2

jamjamp22-45642.portmap.host:45642

Attributes
  • communication_password

    1e553be118546a9eae0f52103e13514f

  • install_dir

    svchost

  • install_file

    svchost.exe

  • tor_process

    tor

Targets

    • Target

      44390430ef06d4c526cb24433728cae0a9d72897d5740b17f6adfb1f1178ddb8

    • Size

      3.8MB

    • MD5

      fa0ed279049035b9019eb20e1d0804e1

    • SHA1

      f8323bf5d5e5c63a26f65067954ba6fdbdb13f60

    • SHA256

      44390430ef06d4c526cb24433728cae0a9d72897d5740b17f6adfb1f1178ddb8

    • SHA512

      a19c621957550e1aa10e2e57596fb7f3f63aea8846a9e6d3744c5ba6a2268a32ac12acdc50bfc5fa16d5ac263fac298d78a72c5211746bc3aee55681e4a9dbde

    Score
    10/10
    bitratpersistencetrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks