Overview

overview

10

Static

static

10

4c4c971dc2...6d.exe

windows7_x64

10

4c4c971dc2...6d.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c4c971dc212eca78549870a200be0be7435115643af3633f18aef3e7e1f596d

  • Size

    3.8MB

  • Sample

    220712-hxm4nafdbl

  • MD5

    346daada7cdc97b0d596928baea9ac29

  • SHA1

    be45d9ba2d366fe1a640b7632ce71cd0761d0404

  • SHA256

    4c4c971dc212eca78549870a200be0be7435115643af3633f18aef3e7e1f596d

  • SHA512

    01b3444ac6433aee6451e01a1905c9d8e51f3eca1a7f885a9596166d252972a38869bd4d272dc3a329f2701c243b01338bec22cec0d0a9b9fee870bf73e438ab

Score
10/10
bitratpersistencetrojan

Malware Config

Extracted

Family

bitrat

Version

1.35

C2

185.157.162.100:58181

Attributes
  • communication_password

    d4fab64cc4b3bcd4e84db4020ebb3c66

  • install_dir

    Microsoft

  • install_file

    micros.exe

  • tor_process

    tor

Targets

    • Target

      4c4c971dc212eca78549870a200be0be7435115643af3633f18aef3e7e1f596d

    • Size

      3.8MB

    • MD5

      346daada7cdc97b0d596928baea9ac29

    • SHA1

      be45d9ba2d366fe1a640b7632ce71cd0761d0404

    • SHA256

      4c4c971dc212eca78549870a200be0be7435115643af3633f18aef3e7e1f596d

    • SHA512

      01b3444ac6433aee6451e01a1905c9d8e51f3eca1a7f885a9596166d252972a38869bd4d272dc3a329f2701c243b01338bec22cec0d0a9b9fee870bf73e438ab

    Score
    10/10
    bitratpersistencetrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks