General

  • Target

    oka.exe

  • Size

    1.7MB

  • Sample

    220809-kj3nashee6

  • MD5

    09cf009d15f845497667171a11a51fd3

  • SHA1

    c45fdc8dacdf6901e81185ff684d3deda57af6e7

  • SHA256

    d3ddf40b5133634e7b56f9532035264723ac3006442f82f1af013c88f581ad22

  • SHA512

    75424b3572e63f8eb19b6c8cbc5c987354f7db8bb4d32e8f3a5c74fee8144b8ec717bc4422ac090b2763b5e10917927c7a8c136e23832a7362646b33a9c903c0

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

yakbitpeople.duckdns.org:9175

Attributes
  • communication_password

    827ccb0eea8a706c4c34a16891f84e7b

  • tor_process

    tor
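The extracted configuration above carries two indicators worth turning into checks: the C2 is a host under a dynamic-DNS provider (duckdns.org) on a non-standard port, and communication_password is a 32-character hex string, the shape of an MD5 digest rather than a plaintext password. The following is an added example, not part of the sandbox report or of BitRAT itself; it parses the C2 value, classifies the host against an assumed list of dynamic-DNS suffixes, and checks the password hash against a small constructed wordlist (a real run would use a full password list).

```python
import hashlib
import re
from typing import Iterable, Optional, Tuple

# Values copied from the "Malware Config" section of the report above.
C2 = "yakbitpeople.duckdns.org:9175"
COMMUNICATION_PASSWORD = "827ccb0eea8a706c4c34a16891f84e7b"

# Dynamic-DNS suffixes commonly abused for RAT C2 (assumed list; extend as needed).
DYNAMIC_DNS_SUFFIXES = ("duckdns.org", "no-ip.org", "no-ip.com", "ddns.net", "hopto.org")

# Constructed wordlist for the demonstration; use a real list in practice.
WORDLIST = ["password", "admin", "123456", "qwerty", "12345", "bitrat"]

MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")


def split_c2(c2: str) -> Tuple[str, int]:
    """Split 'host:port' into (host, port); rsplit keeps colon-bearing hosts intact."""
    host, port = c2.rsplit(":", 1)
    return host, int(port)


def is_dynamic_dns(host: str) -> bool:
    """True when the host sits at or under a known dynamic-DNS provider domain."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in DYNAMIC_DNS_SUFFIXES)


def crack_md5(digest_hex: str, wordlist: Iterable[str]) -> Optional[str]:
    """Return the wordlist entry whose MD5 equals digest_hex, or None if no entry matches."""
    if not MD5_HEX.match(digest_hex):
        raise ValueError("not a 32-character hex digest")
    target = digest_hex.lower()
    for candidate in wordlist:
        if hashlib.md5(candidate.encode()).hexdigest() == target:
            return candidate
    return None


def summarise(c2: str = C2, password_hash: str = COMMUNICATION_PASSWORD) -> dict:
    """Build the indicator summary an analyst would attach to this report."""
    host, port = split_c2(c2)
    return {
        "c2_host": host,
        "c2_port": port,
        "c2_dynamic_dns": is_dynamic_dns(host),
        "password_plaintext": crack_md5(password_hash, WORDLIST),
    }


if __name__ == "__main__":
    for key, value in summarise().items():
        print(f"{key}: {value}")
```

The dynamic-DNS check is a blocklist match on the registered provider domain, so new subdomains created by the operator are still caught; the port is kept separately because a network detection should key on the host name, not on 9175, which the operator can change without re-registering anything.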

Targets

    • Target

      oka.exe

    • BitRAT

      BitRAT is a remote access tool written in C++ that reuses leaked source code from other malware families.

    • Executes dropped EXE

      The sample writes a second executable to disk and runs it.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events to an attached debugger; this is a common anti-debugging technique.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another thread and is typically used to redirect a suspended child process into injected code (process hollowing).
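The "UPX packed file" signature fires on static features of the PE header: UPX-named sections, the packed-section layout (a first section with zero raw size on disk but a large virtual size the stub unpacks into), and the "UPX!" pack-header marker. A modified UPX build commonly renames the sections and strips the marker, which is why the layout check matters. The following is an added example, not the sandbox's own signature logic and not code from the report; it walks the section table of a PE image with a minimal parser and reports which indicators are present. The PE builder and the three samples are constructed test fixtures, and the report's hashes are included only to show the comparison step (the fixtures, naturally, do not match them).

```python
import hashlib
import struct
from typing import List, Tuple

# Hashes copied from the report above; the constructed fixtures below will not match them.
REPORT_SHA256 = "d3ddf40b5133634e7b56f9532035264723ac3006442f82f1af013c88f581ad22"

SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER: name, vsize, va, rawsize, rawptr, ... , characteristics
SECTION_SIZE = struct.calcsize(SECTION_FMT)  # 40 bytes


def section_headers(data: bytes) -> List[Tuple[str, int, int]]:
    """Walk the PE section table and return (name, virtual_size, raw_size) per section."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # PE sig (4) + COFF header (20) + optional header
    out = []
    for i in range(num_sections):
        fields = struct.unpack_from(SECTION_FMT, data, table + i * SECTION_SIZE)
        name = fields[0].rstrip(b"\0").decode("latin-1")
        out.append((name, fields[1], fields[3]))
    return out


def upx_indicators(data: bytes) -> List[str]:
    """Return the reasons a file looks UPX-packed; an empty list means no indicator fired."""
    reasons = []
    secs = section_headers(data)
    if any(name.startswith("UPX") for name, _, _ in secs):
        reasons.append("UPX-named section")
    # Stock and renamed UPX builds share this layout: the first section has no raw
    # data on disk but a non-zero virtual size that the stub decompresses into.
    if secs and secs[0][2] == 0 and secs[0][1] > 0:
        reasons.append("first section has zero raw size and non-zero virtual size")
    if b"UPX!" in data:
        reasons.append("UPX! pack-header marker present")
    return reasons


def file_hashes(data: bytes) -> dict:
    """Hash the file the way the report lists it, for IOC comparison."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_report(data: bytes) -> bool:
    return file_hashes(data)["sha256"] == REPORT_SHA256


def build_pe(sections, trailer: bytes = b"") -> bytes:
    """Constructed fixture: a minimal PE with the given (name, vsize, rawsize) sections."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, 16, 0x0102)
    opt = bytes(16)  # optional header content is irrelevant to the section walk; only its size is read
    table = b"".join(
        struct.pack(SECTION_FMT, name.ljust(8, b"\0"), vsize, 0x1000 * (i + 1), rawsize, 0, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rawsize) in enumerate(sections)
    )
    return bytes(dos) + b"PE\0\0" + coff + opt + table + trailer


# Constructed samples: stock UPX, a modified UPX build with renamed sections and no marker, and a clean file.
PACKED_SAMPLE = build_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0x9000, 0x8E00), (b".rsrc", 0x1000, 0x400)], trailer=b"UPX!")
RENAMED_SAMPLE = build_pe([(b".text", 0x20000, 0), (b".data", 0x9000, 0x8E00)])
CLEAN_SAMPLE = build_pe([(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x400)])

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("renamed", RENAMED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, upx_indicators(sample), "matches report:", matches_report(sample))
```

The layout heuristic is the one that survives a modified packer; the name and marker checks are cheap confirmations. Indicators here only say the file is packed: to analyse the payload, unpack a stock build with `upx -d`, or dump the process after the stub has unpacked it in memory, then re-hash the result rather than comparing the dump against the report's hashes, which describe the packed file.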
