General

  • Target

    15a52de73b3395308f5806176d575c6b.exe

  • Size

    4.3MB

  • Sample

    220720-1w7qsaaff8

  • MD5

    15a52de73b3395308f5806176d575c6b

  • SHA1

    21ff34e8dcc57c6708655d8a346ce73b5e92d729

  • SHA256

    e1b20a947e37528f38157fd59f0f1fac2b220247c657f6756304026b7e64f814

  • SHA512

    c101177ea3b7b34c17eb07e2ca503165a669f955daea0fd6c3cc7b11b18d90394e51c33831273fe77ed60a27b031de2b764a7d4205653ccb4f87102304b11f52

  • Score

    10/10

Malware Config

Extracted

  • Family

    bitrat

  • Version

    1.38

  • C2

    queentaline.ddns.net:1117

Attributes

  • communication_password

    202cb962ac59075b964b07152d234b70

  • tor_process

    tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ that uses leaked source code from other malware families.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
