Overview

overview

10

Static

static

ETRANSFER_RECEIPT.exe

windows7-x64

10

ETRANSFER_RECEIPT.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Interac-e-Transfer.zip

  • Size

    1.8MB

  • Sample

    220817-f6xcksbafj

  • MD5

    4f3de62e57147ba762c86d99112acc45

  • SHA1

    ba9a1dcddee381ad6d2c8b293261d507a4bfaf00

  • SHA256

    6f6c56d0e723796b5f60dfd53fe0370cc6b33e0f61d3356213b689ea402fdab5

  • SHA512

    a58eec86cd6456577c9e8be74183ca6bd7ebe0c5cfbc9bb0cb8236327692aa681c4186c0521e7024be2fa78a854591861a9beba645e829ea297645234a21b17d

  • SSDEEP

    24576:0nPfL0gwNYg4pz7CL9fnu953txc0V1EzID8F0p5UojUZ4EkH4XtMEJaqgRfh3doo:KnxWc6AljTXLD2q5UogZaH4XGfRf8o

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • Target

      ETRANSFER_RECEIPT.exe

    • Size

      300.0MB

    • MD5

      8dac8b61bf8c23264873a3f3bee260f5

    • SHA1

      ba581c38574794324ea714a48671fad7f2384dbe

    • SHA256

      7e4a1f93d53d3962a913e000524344bdcccd6d36d0856b3df38df57d4a8e1df3

    • SHA512

      65ef0b281583e1f8303ff470dc134d8d35ccc394521fd93294cd251220af501137b17d39af91829efe0191e395c2494e1652565895647bf04a46b56fe0eae163

    • SSDEEP

      49152:Ifj16wI8BxPHNbgOHMoE7A7EXGKjf9aFEV:Ifx1BBt0OsEWk

    Score
    10/10
    bitrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks