General

  • Target

    Interac-e-Transfer-Receipt.zip

  • Size

    1.8MB

  • Sample

    220809-trbdfscfgr

  • MD5

    cbe1b81389e7564f8230fe3edeb45d6a

  • SHA1

    87404a9ccbb6db1521d5be15d80b8229db2a3663

  • SHA256

    df9752355297575b5c2175a1bdc6cd63fe26b6c6041282725fbb86db331411ed

  • SHA512

    b3dd06c8f7294e1392c3b0f40ab6597487b0dfdcc608a7164bea0ded087691d872d782f08623b18bd4e055c4738f5171afa092f70649c8c4919f6ad6b8a439f2

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • Target

      Interac-e-Transfer-Receipt.exe

    • Size

      300.0MB

    • MD5

      8dac8b61bf8c23264873a3f3bee260f5

    • SHA1

      ba581c38574794324ea714a48671fad7f2384dbe

    • SHA256

      7e4a1f93d53d3962a913e000524344bdcccd6d36d0856b3df38df57d4a8e1df3

    • SHA512

      65ef0b281583e1f8303ff470dc134d8d35ccc394521fd93294cd251220af501137b17d39af91829efe0191e395c2494e1652565895647bf04a46b56fe0eae163

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks