Overview

overview

10

Static

static

SPALOKSIUJAHYDRS.exe

windows7-x64

10

SPALOKSIUJAHYDRS.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SPALOKSIUJAHYDRS.rar

  • Size

    1.5MB

  • Sample

    220812-1xnz3aabhj

  • MD5

    e2cd056c400ea638a111c7a4ab7fabab

  • SHA1

    596951edaa137ce462e7b5454aa64960d1fe4bbc

  • SHA256

    4af0df4c6e52c90d6bdca52fed0a6b0b91f1f1c8a1ea03423c21b561a0d7e1fb

  • SHA512

    ee35de1e0cc66d895284026708aeabe18c4f1eac9380a4cb6282306697de268d2515753fbfd349cbd0107d415222572327293b95f271eb7c0aba3dd7d4345de5

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • Target

      SPALOKSIUJAHYDRS.exe

    • Size

      300.0MB

    • MD5

      3d5164f658be6404df30aafb7e35bcfb

    • SHA1

      2505d715093103eda2cff86f8328e32b75462242

    • SHA256

      d8556549bce64ee0047c08b7326b609a8a406981749575320b89ef47cc9678f4

    • SHA512

      f5e1ae28040781c05ebbdd37ee4f340c0b7bf27f4c97006fc9a150bdc7e1905081c9e416bf915da33377a22e6eb54b416b0cc6fa1af14212ca558db11cea9cc9

    Score
    10/10
    bitrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Uses the VBS compiler for execution

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks