General

  • Target

    wdfvbn.exe

  • Size

    289.4MB

  • Sample

    220729-yg3geadcdp

  • MD5

    566135e9a517a204c2e8fb2f7332ecdc

  • SHA1

    4cde0ea64922233cafe2eba489a79d67222e2022

  • SHA256

    1b3da7f55427827f44cafce5301508fb6e2806c387e5044479778c8dde87624a

  • SHA512

    9caf700b65d48617e6df09f2754a212c0c90908695b9be0aa33c2e7640e0529d20a91b51eab6dd3a775a51b63f281dfd358afe271b1781cf16165bc24cb1bdfe

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes

  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Uses the VBS compiler for execution

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
