General

  • Target

    Delivery Report.exe

  • Size

    391KB

  • Sample

    220825-z7a1hsbbdl

  • MD5

    6509067f5e377007e7bcf1546d15ba55

  • SHA1

    d437c89632e52269cfaf5a8a2a4cf64241041c4f

  • SHA256

    5a86beef7389e6fcd0c5910770bbf4aa92a353d3ccc0c5b80e9ec41f48c5af4a

  • SHA512

    88cecfcf73e024239b146b3b2b1700968a5a257c39322dc5e4f251d27647b4fcaefae2c9f08298704350b8ede83c616a3935550327ad42f45972b301c7ba927f

  • SSDEEP

    6144:/XiuJDZUEd5UT2AyvSlKkl8ftbFq65LhhZMEUcQQiW:ZDj9Nv0K5tbFq6xh8W

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

febbit2.ddns.net:6655

Attributes
  • communication_password

    81dc9bdb52d04dc20036dbd8313ed055

  • tor_process

    tor
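The extracted config above is what a responder pivots on. As an added example, not part of the sandbox report: BitRAT stores communication_password as an MD5 digest, and checking the extracted digest against a short list of common values shows it is the MD5 of the string 1234, a weak operator-chosen password. The C2 is a dynamic-DNS hostname under ddns.net, so the IP it resolves to can change between runs; the log scan below therefore matches on hostname and port, not on an address. The wordlist, the log line format and the sample log lines are constructed for this example.

```python
import hashlib
import re

# Values copied from the extracted config above.
C2_HOST = "febbit2.ddns.net"
C2_PORT = 6655
COMM_PASSWORD_MD5 = "81dc9bdb52d04dc20036dbd8313ed055"

# Constructed wordlist for the example; real work would use a full list.
COMMON_PASSWORDS = ["password", "123456", "admin", "1234", "bitrat"]


def recover_password(md5_hex, wordlist=COMMON_PASSWORDS):
    """Return the wordlist entry whose MD5 equals md5_hex, or None."""
    target = md5_hex.lower()
    for candidate in wordlist:
        if hashlib.md5(candidate.encode()).hexdigest() == target:
            return candidate
    return None


def c2_indicators(host=C2_HOST, port=C2_PORT):
    """Lookup forms to search for: the host, host:port and the dynamic-DNS parent zone."""
    return {
        "host": host,
        "hostport": "%s:%d" % (host, port),
        "ddns_zone": ".".join(host.split(".")[-2:]),
    }


# Constructed log format: "<timestamp> <source> dns <qname> <qtype>"
# or "<timestamp> <source> conn <dst_host>:<dst_port> <proto>".
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<kind>dns|conn) (?P<detail>.+)$")


def scan_logs(lines, host=C2_HOST, port=C2_PORT):
    """Return (line_no, reason) for every log line that touches the C2 hostname."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if not m:
            continue
        detail = m["detail"].split()[0]
        if m["kind"] == "dns":
            if detail.lower().rstrip(".") == host:
                hits.append((no, "dns lookup of C2 host"))
        else:
            dst_host, _, dst_port = detail.partition(":")
            if dst_host.lower() == host:
                if dst_port == str(port):
                    hits.append((no, "connection to C2 host:port"))
                else:
                    hits.append((no, "connection to C2 host on another port"))
    return hits


# Constructed sample log lines; addresses and timestamps are invented.
SAMPLE_LOGS = [
    "2022-08-25T10:00:01Z 10.0.0.5 dns febbit2.ddns.net A",
    "2022-08-25T10:00:02Z 10.0.0.5 conn febbit2.ddns.net:6655 tcp",
    "2022-08-25T10:00:03Z 10.0.0.5 conn febbit2.ddns.net:443 tcp",
    "2022-08-25T10:00:04Z 10.0.0.7 dns example.com A",
]

if __name__ == "__main__":
    print("password:", recover_password(COMM_PASSWORD_MD5))
    print("indicators:", c2_indicators())
    for no, reason in scan_logs(SAMPLE_LOGS):
        print("line %d: %s" % (no, reason))
```

The third sample line is reported as well: once the hostname is a known C2, any connection to it is worth a look, since the operator can change the listening port without changing the config's host entry.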

Targets

    • Target

      Delivery Report.exe

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Downloads MZ/PE file

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
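Two of the signatures above can be reproduced outside the sandbox. As an added example, not code from the report or from the sandbox vendor: the first part walks the PE section table and flags the UPX0/UPX1 names that stock UPX writes (a modified UPX may rename them, so a miss there is not proof of an unpacked file); the second part reads an API call trace and flags NtSetInformationThread with ThreadHideFromDebugger (THREADINFOCLASS 0x11) plus the CreateProcess(CREATE_SUSPENDED) / WriteProcessMemory / SetThreadContext / ResumeThread sequence that is the usual reason SetThreadContext is flagged. The PE header stub, the trace format, and all handles and paths in the trace are constructed for the example.

```python
import struct

# --- Static check behind the "UPX packed file" signature ---

def pe_section_names(data):
    """Return the section names of a PE image with a minimal header walk (no pefile needed)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER follows the signature
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_size                           # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]     # IMAGE_SECTION_HEADER is 40 bytes, Name is first
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Stock UPX names its sections UPX0, UPX1 (and UPX2); renamed sections defeat this check."""
    return any(n.startswith("UPX") for n in pe_section_names(data))


def build_fake_pe(section_names):
    """Constructed PE header stub for exercising the parser; it is not a loadable binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)  # no optional header
    secs = b"".join(struct.pack("<8s32x", n.encode()) for n in section_names)
    return dos + b"PE\0\0" + coff + secs


# --- Dynamic check behind the NtSetInformationThread / SetThreadContext signatures ---

CREATE_SUSPENDED = 0x00000004
THREAD_HIDE_FROM_DEBUGGER = 0x11   # THREADINFOCLASS ThreadHideFromDebugger


def analyse_api_trace(trace):
    """trace is a list of (api_name, args_dict) in call order; returns a list of findings."""
    findings = []
    procs = {}          # hProcess -> state of a process created suspended
    thread_owner = {}   # hThread  -> hProcess
    for api, a in trace:
        if api == "NtSetInformationThread" and a.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
            findings.append("anti-debug: ThreadHideFromDebugger on thread %#x" % a["ThreadHandle"])
        elif api == "CreateProcessW" and a.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            procs[a["hProcess"]] = {"written": False, "context_set": False, "image": a.get("lpApplicationName")}
            thread_owner[a["hThread"]] = a["hProcess"]
        elif api == "WriteProcessMemory" and a.get("hProcess") in procs:
            procs[a["hProcess"]]["written"] = True
        elif api == "SetThreadContext" and a.get("hThread") in thread_owner:
            procs[thread_owner[a["hThread"]]]["context_set"] = True
        elif api == "ResumeThread" and a.get("hThread") in thread_owner:
            st = procs[thread_owner[a["hThread"]]]
            if st["written"] and st["context_set"]:
                findings.append("hollowing: %s created suspended, memory written, thread context "
                                "replaced via SetThreadContext, then resumed" % st["image"])
    return findings


# Constructed trace in the shape of a sandbox API log; handles and the target path are invented.
SAMPLE_TRACE = [
    ("NtSetInformationThread", {"ThreadHandle": 0xFFFFFFFE, "ThreadInformationClass": 0x11}),
    ("CreateProcessW", {"lpApplicationName": r"C:\Windows\System32\svchost.exe",
                        "dwCreationFlags": 0x4, "hProcess": 0x1A0, "hThread": 0x1A4}),
    ("WriteProcessMemory", {"hProcess": 0x1A0, "lpBaseAddress": 0x400000, "nSize": 0x5F000}),
    ("SetThreadContext", {"hThread": 0x1A4}),
    ("ResumeThread", {"hThread": 0x1A4}),
]

if __name__ == "__main__":
    print("UPX sections:", looks_upx_packed(build_fake_pe(["UPX0", "UPX1", ".rsrc"])))
    for f in analyse_api_trace(SAMPLE_TRACE):
        print(f)
```

To run the static check on the real sample, read the file into bytes and pass it to looks_upx_packed; a packed sample should be unpacked (or dumped from memory after the stub runs) before any string or import analysis, since the "Downloads MZ/PE file" behaviour and the C2 config live in the unpacked payload.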
