Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    91abc0cabd554c1b0dce52d6094895dd43c6d7251ce109fe51a85d433c2f36eb

  • Size

    230KB

  • Sample

    220809-1rzjlsgghp

  • MD5

    c8461fb52f97b3a3186954e5fb14752d

  • SHA1

    3838ad7fddfb3a013d30afd515c80e9ac37cb7c4

  • SHA256

    91abc0cabd554c1b0dce52d6094895dd43c6d7251ce109fe51a85d433c2f36eb

  • SHA512

    0c01fe3f2a52b593fa634ae8fc7cbec716f0fa497f8fa09e0e3ed0506f79b20f8b97fead4eeb0edd3f35101fbc70e53128d7f0130bed18315b76dea6fcce3a4a

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

eichelberger.duckdns.org:7744

Attributes
  • communication_password

    2eb6e59fac395f7cb5a7b52ea31fa9f2

  • tor_process

    tor

Targets

    • Target

      91abc0cabd554c1b0dce52d6094895dd43c6d7251ce109fe51a85d433c2f36eb

    • Size

      230KB

    • MD5

      c8461fb52f97b3a3186954e5fb14752d

    • SHA1

      3838ad7fddfb3a013d30afd515c80e9ac37cb7c4

    • SHA256

      91abc0cabd554c1b0dce52d6094895dd43c6d7251ce109fe51a85d433c2f36eb

    • SHA512

      0c01fe3f2a52b593fa634ae8fc7cbec716f0fa497f8fa09e0e3ed0506f79b20f8b97fead4eeb0edd3f35101fbc70e53128d7f0130bed18315b76dea6fcce3a4a

    Score
    10/10
    bitrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Downloads MZ/PE file

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks