Overview

overview

10

Static

static

ANANOHYJ-P...PT.exe

windows7-x64

10

ANANOHYJ-P...PT.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ANANOHYJ-PAYMENT-RECEIPT.exe

  • Size

    300.0MB

  • Sample

    220729-xh8jdacbb8

  • MD5

    dba3209d9c78a3bf216ba69f483af62c

  • SHA1

    68b017f099f31c1e631283007cfa25513d2ae924

  • SHA256

    e2ada17298bdb93977b0f7c57907bc7077437c43b813d8ba3e81f2e93b3bec5d

  • SHA512

    42b5d35c9d0f43ce2e438bda6e686b57ec906ab2588ed0f5862948134e73c8e1649d1f895d46dcea58147523861ac1faa7669fb4c0b7d3d30586bbf07ad82ef7

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • Target

      ANANOHYJ-PAYMENT-RECEIPT.exe

    • Size

      300.0MB

    • MD5

      dba3209d9c78a3bf216ba69f483af62c

    • SHA1

      68b017f099f31c1e631283007cfa25513d2ae924

    • SHA256

      e2ada17298bdb93977b0f7c57907bc7077437c43b813d8ba3e81f2e93b3bec5d

    • SHA512

      42b5d35c9d0f43ce2e438bda6e686b57ec906ab2588ed0f5862948134e73c8e1649d1f895d46dcea58147523861ac1faa7669fb4c0b7d3d30586bbf07ad82ef7

    Score
    10/10
    bitrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Uses the VBS compiler for execution

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks