Overview

overview

10

Static

static

SecuriteIn...48.exe

windows7_x64

10

SecuriteIn...48.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.Siggen18.23529.6748.25064

  • Size

    2.1MB

  • Sample

    220712-ya8d3sdbhm

  • MD5

    e12a6196b7111c16b714203901bc04df

  • SHA1

    964d35b27808d800a5ce11561786de6a2d8af0b1

  • SHA256

    a97feddf4e0e68b4fd86b4643babcc7b799c54f08724cf4fcfd1038e918ebff0

  • SHA512

    6dfb722593ff5b56c3b3852225aebb1797f947e9baa26a644c500bdbcb664e77b60866430e19c1ea2f2881947a999696870d081baa25a035021ec21b456eb2a7

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

godfavor.duckdns.org:2349

Attributes
  • communication_password

    81dc9bdb52d04dc20036dbd8313ed055

  • tor_process

    tor

Targets

    • Target

      SecuriteInfo.com.Trojan.Siggen18.23529.6748.25064

    • Size

      2.1MB

    • MD5

      e12a6196b7111c16b714203901bc04df

    • SHA1

      964d35b27808d800a5ce11561786de6a2d8af0b1

    • SHA256

      a97feddf4e0e68b4fd86b4643babcc7b799c54f08724cf4fcfd1038e918ebff0

    • SHA512

      6dfb722593ff5b56c3b3852225aebb1797f947e9baa26a644c500bdbcb664e77b60866430e19c1ea2f2881947a999696870d081baa25a035021ec21b456eb2a7

    Score
    10/10
    bitrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks