Overview

overview

10

Static

static

tmpbg_av_60.exe

windows7-x64

10

tmpbg_av_60.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmpbg_av_60

  • Size

    1.7MB

  • Sample

    220728-r8m3gahbhm

  • MD5

    fad1b418110d37814930646d24ab4239

  • SHA1

    f39606e98088b8e3e6d3707954c53385caf7f88a

  • SHA256

    23f0dcf06d4c4a7354f3e7f013022ed26afa823556e444054c1b0b4aec0bce78

  • SHA512

    d8c147683a4728383e80565ce538a0f12ad3191928158c33a65dfd6896e9ac33c58715fb199a88341ee206c6b85d18e7325d55616ebbbcc3c691c0f7f1344b97

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

kot-pandora.duckdns.org:24993

Attributes
  • communication_password

    d6723e7cd6735df68d1ce4c704c29a04

  • tor_process

    tor

Targets

    • Target

      tmpbg_av_60

    • Size

      1.7MB

    • MD5

      fad1b418110d37814930646d24ab4239

    • SHA1

      f39606e98088b8e3e6d3707954c53385caf7f88a

    • SHA256

      23f0dcf06d4c4a7354f3e7f013022ed26afa823556e444054c1b0b4aec0bce78

    • SHA512

      d8c147683a4728383e80565ce538a0f12ad3191928158c33a65dfd6896e9ac33c58715fb199a88341ee206c6b85d18e7325d55616ebbbcc3c691c0f7f1344b97

    Score
    10/10
    bitrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks