General

  • Target

    827615424_PDF.vhd

  • Size

    10.0MB

  • Sample

    221027-xx8gxsdaf9

  • MD5

    660dd338f6f70ce09ac98ccb162c03ce

  • SHA1

    2b1cf8758ffe5726af97dce5bb48c8534ef51e81

  • SHA256

    9d3975bd3b09d8a3717bf26809d45bd57983de71621c40a94a3d5e99d44aaa82

  • SHA512

    1b2ca057cde809b2cc0208c5d2e7b9f53a360ca965c391fe34532271fc3c14876a8aee407a4b5381bd53602bff8ca34853bd77df5d032328b9a2ebd8477ea976

  • SSDEEP

    196608:S6t4bO+ipyUUUUUJUUUUUUmLNe4SO1UUUUUJUUUUUU:ZHKLx

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitone9090.duckdns.org:9090

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • Target

      827615424_PDF.exe

    • Size

      300.0MB

    • MD5

      0e20fe4a6b6ae6a93129d7767dab8558

    • SHA1

      ffb19496edae93f3981ab744b0688b881339e3ac

    • SHA256

      ed1babfb5993b76abda6deb0a715042923634b42d2eedc06eaa01b56e06fe100

    • SHA512

      070c95a4e846c82628b3a7a0044bcc9f6360ae4c1fe2fc777c887a43c44f30514af323d693b05c591cd367efd4622b3d36b76f18a53b3d3609ee80cb1913688a

    • SSDEEP

      49152:Vnm4UcmDYIbFaTI39LMK44bFh1DgtJaJk4UUUUUJUUUUUU:x6blbku9Le4bFhuO1UUUUUJUUUUUU

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ that reuses leaked source code from other malware families.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
