General

  • Target

    cd39b649045c4556c08be586b301d1dc8536e63d14888a4e6a55636776a8e235.7z

  • Size

    1.5MB

  • Sample

    220902-ng5awsdafl

  • MD5

    7ea49c19cfee005a5df17917d4180040

  • SHA1

    4b1122e1814b47fb2dcfe05e4d91978b6a82a867

  • SHA256

    515dc9adafe29870ba7052d258ab73abbbaf728015ce92a7eb097033672e05d5

  • SHA512

    024a6c48811a56c8f9c82a9d2561216c38d88fcb4507dec7aa865edd3d55cb0d08c957da46ca3c45223fd072cb0e75b44f80fa20f5f334f9144e9055a6bdbdcc

  • SSDEEP

    24576:yrWUbKl53gJoqRwkqbQsH5wRPblyG3tYsP2mJfM9fbzQLwmLLAs4DyAubLwX6aIl:EKbiCH3OPgse9t9m3yDPKaHsLUEl

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

newbithere.duckdns.org:2005

Attributes
  • communication_password

    827ccb0eea8a706c4c34a16891f84e7b

  • tor_process

    tor

Targets

    • Target

      cd39b649045c4556c08be586b301d1dc8536e63d14888a4e6a55636776a8e235

    • Size

      300.0MB

    • MD5

      9edb373bba31ed74e5635c8ba1ccbc24

    • SHA1

      7826110d94ad641b3cbed3eaa1c4e1ab5e329e26

    • SHA256

      cd39b649045c4556c08be586b301d1dc8536e63d14888a4e6a55636776a8e235

    • SHA512

      90c56b8545767b8b3b3292ebc71d4683b6ff0c2e0fc1135159357707bfb462878c8044eced0f6138e7771d3db3c6e8a1b363d7663fd3e5e50f46254f22ee54e4

    • SSDEEP

      24576:KQWUrKeG3ggoqRwkqbQsH50RPoE+G3ttsP2V4MM9obzQLAmLGAs4DyAunLw+6aI9:K2KtBCR3qP+JeO+/m6yDL9aITLUp

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
