General

  • Target

    Bit-Full.zip

  • Size

    24.7MB

  • Sample

    220911-pclhnabee8

  • MD5

    ad1fffe2735c63a5c46259525b3c42cd

  • SHA1

    9b2c9d2a15ef837c34aeab2d2d64083ab240e26a

  • SHA256

    ea4cf517d1e1d5caf83092ace633917c52c9ae3ee44cf97407452cdb1299056a

  • SHA512

    8e88415d06c60a99e68acb5b7a68c1af011027cdcaeb9e7dac2811d19d4cac1fc86508f226d1650f364e937a9b4a1cb450371aa39f13ff62bcd36d7d82bf2a38

  • SSDEEP

    393216:JqhZbyXjlGTFiCBPaxetltsJ7v67TjsWqehuIl4qtyVagrY4mKpOeBGicwlNwskj:JhXUBtdsJ7yjswpx4LlBblN+

Malware Config

Targets

    • Target

      BitRAT.exe

    • Size

      13.6MB

    • MD5

      03c4dc0c56e0c14e49341b31fc68e69b

    • SHA1

      9de6b2dfc76a99ce18a99f7092a71a00926b61ec

    • SHA256

      633f7758cc5df2dfc398840dfcf0ee24d3e233135167c805e9dae843cda9b6da

    • SHA512

      a3fcbd1ed7701a1049345cdcecf10b8689d5b80dec76bed156d48b9f3f8ad4e2b55c5f4a6f9512c2ed02f9ff1c992650520ed06045ab1081b5b3817ea9f717bc

    • SSDEEP

      196608:scVMS3RPqqL3RkDRq60tmZSPGPAPfelOC1/Stltibf:DMXs6cPP2AeKt3i7

    • Score

      7/10
    • Loads dropped DLL

    • Target

      BitRat_Cracked_Launcher.bat

    • Size

      979B

    • MD5

      73c8759db01e571b42b4dd1675733083

    • SHA1

      0cd50d811d4289d8b31ef6f5943d61cddda616be

    • SHA256

      338a380416430dadd08fc399caacd327c674466de7498823097ff176f07f9db3

    • SHA512

      4d7a36e59797d239b658a0d6d52f852692d3c592fa031b7b08656e2f9c484004f90a4c76ffe2553d664790de0f2122cd2e6220e8be11a7caa999fa7970898746

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Target

      data/modules/hvnc.exe

    • Size

      87KB

    • MD5

      801d3b12ee57df968833fa19a6d1c4d9

    • SHA1

      4a11c7969014f3b4923372e30be1e529e92f5cb4

    • SHA256

      13c4cdd3a92035405f85c8ed17131d3df24735c5c131747e688112ad59388130

    • SHA512

      65573f7194196d2f24ad29460019520cc314c2b60adcaf2dddc9ad0a8f29b3683af5575df4803bb3b80705d71e8c1c49f56746dd125254349bad5a38bb647b07

    • SSDEEP

      1536:9xqjQ+P04wsmJCDErUTbJAAWeT6QK4tkckSu/BOgbxH:wr85CcsAlyNK4tkctu/QgN

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Target

      data/tor/tor.exe

    • Size

      3.9MB

    • MD5

      17f69ab64673319e50482b1ebe245ca5

    • SHA1

      af84935075f81a1906e0f4242abc851d8b9d2e82

    • SHA256

      b635da778e28d1261df0a6390bce9931d193c5caf8859bd1949de287a51e14b4

    • SHA512

      1d3dd8fc12fdde95785597dfcb8a0ea043fb30c192ca9ed30ec1c2deed7ea2ae0d564b8e8b7e7122f27f704eb55597b6ee1671283fd037e5bd70f0d705cec599

    • SSDEEP

      98304:lzZ42i53gAUP71HtcjRkVfQIjiEsgYY9l7l:dOaA0HtcjKVfQIbJ

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

MITRE ATT&CK Enterprise v6

Tasks