General

  • Target

    Policy_Document.zip

  • Size

    1.9MB

  • Sample

    220818-vks6cshcej

  • MD5

    b5a1d999a5852dd4b160d37633b7d3a5

  • SHA1

    1f1a064d9b34ff48f07ebead8bbea5161a3b66f6

  • SHA256

    99c95ed1a1192492b4f73a54381f02e927ce26dcae0489b63be67401e015cc78

  • SHA512

    76e4659e70edb504239530f3e215559edd0e3d5aa3fd3e29284a4a2d74f2510d7ccacb097dc15c1d3f0f8a696165c5d36d803b34f01209769124a12e8bf87aaf

  • SSDEEP

    49152:D2/zscfvo5kUJlRthr0k1DJOrB6JH5zvRrLm:6/zVIp5hdXOrB6JH5trC

Score
10/10
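The sizes above are the first thing worth checking: the archive is 1.9MB while the .img it contains is 300.6MB, a ratio over 150:1, which almost always means the payload is mostly padding added to push the binary past scanner size limits. Below is an added triage helper (my own example, not part of the report or of any sandbox's code) that walks a zip in memory without extracting, computes each member's compression ratio and SHA-256, and looks the hash up against the values listed in this report. The archive it runs on is a constructed stand-in with 2 MiB of zero padding; the 20x threshold is a hypothetical tuning value.

```python
import hashlib
import io
import zipfile

# SHA-256 values copied from the report above, keyed to the member they belong to.
KNOWN_SHA256 = {
    "edf8a1adc604e52d333db94fa73e293c251a2cc02568237a46632081b3c98df8": "Policy_Document.img",
    "47c38d37274d645b491b7cff7b298049054c18b3ad95064a3b241163a4198106": "Policy-Document.exe",
}

# Members whose stored size is at least this many times their compressed size are
# flagged as padded. 20 is a hypothetical threshold; the report's own archive is
# roughly 300.6 MB / 1.9 MB, far above it.
PADDING_RATIO = 20.0


def triage_archive(data):
    """Return one dict per file member: sizes, compression ratio, SHA-256 and
    whether the hash is already known from the report."""
    results = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            payload = zf.read(info)  # read into memory only; never extract or run it
            ratio = info.file_size / info.compress_size if info.compress_size else float("inf")
            digest = hashlib.sha256(payload).hexdigest()
            results.append({
                "name": info.filename,
                "file_size": info.file_size,
                "compress_size": info.compress_size,
                "ratio": ratio,
                "padded": ratio >= PADDING_RATIO,
                "sha256": digest,
                "known": KNOWN_SHA256.get(digest),
            })
    return results


def build_sample_zip():
    """Constructed stand-in for Policy_Document.zip: an 'MZ' stub followed by
    2 MiB of zero padding, plus a harmless text file for contrast."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Policy_Document.img", b"MZ" + b"\x00" * (2 * 1024 * 1024))
        zf.writestr("README.txt", b"Please review the attached policy document.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for r in triage_archive(build_sample_zip()):
        flag = "PADDED" if r["padded"] else "ok"
        print(f'{r["name"]:<24} {r["file_size"]:>10} -> {r["compress_size"]:>8} '
              f'({r["ratio"]:.0f}x) {flag} {r["sha256"][:16]}... known={r["known"]}')
```

Run it against the real Policy_Document.zip by passing its bytes to triage_archive; a member whose SHA-256 appears in KNOWN_SHA256 is reported with the name the report gives it, and the padded flag tells you which member to carve before spending analysis time on it.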

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

yakbitpeople.duckdns.org:9175

Attributes
  • communication_password

    827ccb0eea8a706c4c34a16891f84e7b

  • tor_process

    tor
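Turning the extracted configuration into something actionable, as an added example that is not part of the report: the C2 value is split into host and port; the 32-hex-character communication_password is tested against a constructed wordlist on the assumption that it is an unsalted MD5 of the operator's plaintext password (the hit the code finds is a five-digit one); and the C2 indicator is run over constructed tab-separated DNS and connection log lines in a made-up layout, not Zeek's. The port alone is a weak indicator, so the connection matcher rates a port-only match lower than a connection to an address the C2 hostname actually resolved to in the same logs.

```python
import hashlib
import re

# Values copied from the extracted configuration in the report.
CONFIG = {
    "family": "bitrat",
    "version": "1.38",
    "c2": "yakbitpeople.duckdns.org:9175",
    "communication_password": "827ccb0eea8a706c4c34a16891f84e7b",
    "tor_process": "tor",
}

# Constructed wordlist; a real run would use a large common-password list.
WORDLIST = ["password", "123456", "12345", "qwerty", "admin"]

# Constructed log lines in a made-up tab-separated layout (not Zeek's):
#   dns  <ts> <src_ip> <query> <answer_ip>
#   conn <ts> <src_ip> <dst_ip> <dst_port>
# DNS lines are assumed to precede the connections they explain; sort by time first otherwise.
LOG_LINES = [
    "dns\t1660800001\t10.0.0.5\twww.example.org\t93.184.216.34",
    "dns\t1660800002\t10.0.0.5\tYakbitpeople.duckdns.org.\t203.0.113.77",
    "conn\t1660800003\t10.0.0.5\t203.0.113.77\t9175",
    "conn\t1660800004\t10.0.0.9\t198.51.100.4\t443",
    "conn\t1660800005\t10.0.0.9\t198.51.100.4\t9175",
]


def split_c2(c2):
    """'host:port' -> (lowercased host, int port)."""
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


def identify_password(digest, wordlist):
    """Return the wordlist entry whose MD5 hex digest equals `digest`, else None.
    Assumes (not stated by the report) that the value is an unsalted MD5 of the plaintext."""
    digest = digest.lower()
    if not re.fullmatch(r"[0-9a-f]{32}", digest):
        return None
    for word in wordlist:
        if hashlib.md5(word.encode()).hexdigest() == digest:
            return word  # for the report's value this is "12345"
    return None


def find_c2_hits(lines, host, port):
    """Return (severity, line) pairs. A lookup of the C2 host, or a connection to an
    address it resolved to on the C2 port, is 'high'; a bare port match is only 'low'."""
    resolved = set()
    hits = []
    for line in lines:
        fields = line.split("\t")
        if fields[0] == "dns" and fields[3].lower().rstrip(".") == host:
            resolved.add(fields[4])
            hits.append(("high", line))
        elif fields[0] == "conn" and int(fields[4]) == port:
            hits.append(("high" if fields[3] in resolved else "low", line))
    return hits


if __name__ == "__main__":
    host, port = split_c2(CONFIG["c2"])
    print("C2 host/port:", host, port)
    print("communication_password plaintext:", identify_password(CONFIG["communication_password"], WORDLIST))
    for severity, line in find_c2_hits(LOG_LINES, host, port):
        print(severity, line)
```

The DuckDNS hostname is the durable indicator here: dynamic-DNS operators change the resolved address freely, so block and alert on the name and treat the port as corroboration rather than as a standalone rule.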

Targets

    • Target

      Policy_Document.img

    • Size

      300.6MB

    • MD5

      19e831afa686bf2cacba9335279e316d

    • SHA1

      03fefba6592583c218f00b4bb2b4c0df230402ff

    • SHA256

      edf8a1adc604e52d333db94fa73e293c251a2cc02568237a46632081b3c98df8

    • SHA512

      4a636f98b9c517df7bce363f398e03e413be9174d1990aba0b1dfbf55ac961eb248ed22c7e6adba5697888fcd380bb0425f449599e5d9a52e10849b3b61ab1d1

    • SSDEEP

      49152:RlGseaGadVfAkb26C9oFuQ5lg0FlN7mjH:dGadtHFF5gyvmjH

    Score
    3/10

    • Target

      Policy-Document.exe

    • Size

      300.0MB

    • MD5

      8a6c934a28abfd03fa9f259a7ced202d

    • SHA1

      1d623700b282fcb94b691c8e6d5473fdac5e3f3e

    • SHA256

      47c38d37274d645b491b7cff7b298049054c18b3ad95064a3b241163a4198106

    • SHA512

      3a51c39eeafbac5f40468118f569dbdc66d76b2fe45376e1d9a0a26c7003a98315457bb06bb68228a75d54d3e18a6c55404d4c3032e1230b32773c61ba5efc3a

    • SSDEEP

      49152:qlGseaGadVfAkb26C9oFuQ5lg0FlN7mjH:OGadtHFF5gyvmjH

    Score
    10/10

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
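The "UPX packed file" signature above is a sandbox heuristic; the simplest form of it is a look at the PE section table, since a stock UPX build names its sections UPX0/UPX1. Below is an added example of that check (my own code, not the sandbox's signature logic) that parses only the DOS header, COFF header and section table, and a constructed header-only PE32 skeleton to exercise it. A modified UPX build can rename the sections, which is why a section-name match is one signal among several and not a verdict on its own.

```python
import struct

# Section names the stock UPX stub creates. Modified builds may rename them, so
# treat a match as one signal, not proof, and absence of a match as inconclusive.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data):
    """Parse just enough of a PE file to return its section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    if len(data) < pe_off + 24:
        raise ValueError("truncated COFF header")
    # COFF header follows the signature: NumberOfSections at +6, SizeOfOptionalHeader at +20.
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size  # section table starts right after the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40:table + i * 40 + 8]  # 40-byte section header, name first
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\x00"))
    return names


def looks_upx_packed(data):
    """True if any section carries a stock UPX name."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_fake_pe(section_names):
    """Constructed header-only PE32 skeleton (not loadable) used to exercise the check."""
    pe_off = 0x80
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)
    opt_size = 0xE0  # size of a PE32 optional header
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    optional = b"\x0b\x01" + b"\x00" * (opt_size - 2)  # PE32 magic, everything else zeroed
    sections = b"".join(n.ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return bytes(dos) + b"PE\x00\x00" + coff + optional + sections


if __name__ == "__main__":
    for names in ([b"UPX0", b"UPX1", b".rsrc"], [b".text", b".data", b".rsrc"]):
        sample = build_fake_pe(names)
        print(pe_section_names(sample), "->", "UPX" if looks_upx_packed(sample) else "no UPX names")
```

To use it on the real Policy-Document.exe, pass the file's bytes to looks_upx_packed; pair the result with a section-entropy check and with the sandbox's behavioural signatures (the SetThreadContext and HideFromDebugger calls above) rather than relying on names alone.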

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                Technique                     ID     Count
Execution             Scheduled Task                T1053  1
Persistence           Scheduled Task                T1053  1
Privilege Escalation  Scheduled Task                T1053  1
Discovery             System Information Discovery  T1082  1
