General

  • Target

    BC9wa9Zo.exe

  • Size

    1.1MB

  • Sample

    221105-w4n67ahae8

  • MD5

    3b960e79f96867d21257f2c2e6b68a3a

  • SHA1

    dd39eb43b60a5ce586e22173f5419cdaebc70b62

  • SHA256

    d1f97e10d8b6443fd92d1673143f9d9f672f71caca3ad3f492532681095b4511

  • SHA512

    80ed4f6fbe25dca33a1263490b2d96db1c63313222555050d91a4de91f5b13e0b86704ab45c81c965703b7081a2496d3294f8535ee6a53bdeafe888db85d2b90

  • SSDEEP

    24576:wIk11alpxKYvIOWdB6yCgb8SDxOTeCYSfI5b2sJxHJHtuSCg/c3kCv/oMw2n+OkX:wfQnyC1dA

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

davidmanne.casacam.net:2223

Attributes
  • communication_password

    b6c6e855edf908ec7c12ce8c8e628a5c

  • tor_process

    tor
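The extracted config above gives two indicators an analyst can act on immediately: the file digests and the C2 endpoint `davidmanne.casacam.net:2223`. The script below is an added example (not part of the sandbox report or the BitRAT family) that loads those values verbatim, hashes an arbitrary blob for comparison against them, and hunts a few constructed proxy-style log lines for connections to the C2 host and port. The `hash_bytes`, `matching_hashes`, `parse_c2` and `hunt_c2` names, the `key=value` log format and the log lines themselves are assumptions made for the example.

```python
"""Offline triage of the indicators in this report: file digests and the
BitRAT C2 endpoint. Added example; the IOC values are copied from the
report, the log lines are constructed, the function names are assumed."""
import hashlib
import re

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "3b960e79f96867d21257f2c2e6b68a3a",
    "sha1": "dd39eb43b60a5ce586e22173f5419cdaebc70b62",
    "sha256": "d1f97e10d8b6443fd92d1673143f9d9f672f71caca3ad3f492532681095b4511",
    "sha512": "80ed4f6fbe25dca33a1263490b2d96db1c63313222555050d91a4de91f5b13e0b"
              "86704ab45c81c965703b7081a2496d3294f8535ee6a53bdeafe888db85d2b90",
}
# C2 copied from the extracted config.
REPORT_C2 = "davidmanne.casacam.net:2223"


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matching_hashes(observed: dict, known: dict = REPORT_HASHES) -> list:
    """Return the algorithms whose digest equals the known-bad value.
    Case-insensitive, because threat feeds disagree on hex casing."""
    return sorted(alg for alg, digest in observed.items()
                  if alg in known and digest.lower() == known[alg].lower())


def parse_c2(c2: str) -> tuple:
    """Split 'host:port' into (host, port). The host is lower-cased and a
    trailing dot is dropped so DNS-log FQDNs compare cleanly."""
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {c2!r}")
    return host.lower().rstrip("."), int(port)


# Constructed log lines in a simple key=value style; not real traffic.
SAMPLE_LOGS = [
    "ts=2022-11-05T17:02:11Z src=10.0.0.23 dst_host=davidmanne.casacam.net dst_port=2223 proto=tcp",
    "ts=2022-11-05T17:02:12Z src=10.0.0.23 dst_host=update.example.com dst_port=443 proto=tcp",
    "ts=2022-11-05T17:03:40Z src=10.0.0.41 dst_host=DAVIDMANNE.CASACAM.NET. dst_port=2223 proto=tcp",
    "ts=2022-11-05T17:04:00Z src=10.0.0.41 dst_host=davidmanne.casacam.net dst_port=80 proto=tcp",
]

_LOG_RE = re.compile(r"dst_host=(?P<host>\S+)\s+dst_port=(?P<port>\d+)")


def hunt_c2(lines, c2: str = REPORT_C2) -> list:
    """Return the lines whose destination is exactly the C2 host and port.
    A connection to the same host on another port is NOT counted here;
    drop the port test if you want the wider net."""
    host, port = parse_c2(c2)
    hits = []
    for line in lines:
        m = _LOG_RE.search(line)
        if m and m["host"].lower().rstrip(".") == host and int(m["port"]) == port:
            hits.append(line)
    return hits


if __name__ == "__main__":
    print("hash matches:", matching_hashes(hash_bytes(b"constructed, not the sample")))
    for hit in hunt_c2(SAMPLE_LOGS):
        print("C2 hit:", hit)
```

The digest check is exact-match only; the SSDEEP value in the report is what you would use for near-duplicate detection of repacked builds, and that comparison is not implemented here.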

Targets

    • Target

      BC9wa9Zo.exe

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • UPX packed file

Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Adds Run key to start application
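The "UPX packed file" signature above flags the packer by inspecting the executable. The following is an added example of the simplest version of that check, written for this page and not Triage's own rule: it walks the DOS header, the PE signature and the COFF header to reach the section table and reports whether any section carries a stock UPX name. Because no real sample is available offline, the block also constructs a minimal, non-runnable PE skeleton with chosen section names to exercise the parser; `pe_section_names`, `looks_upx_packed` and `build_fake_pe` are names assumed for the example.

```python
"""Heuristic UPX detection by PE section name. Added example, not the
sandbox's signature; the PE skeleton built here is constructed."""
import struct

# Section names written by an unmodified UPX build.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, in table order.
    DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table.
    Raises ValueError for anything that is not a well-formed PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]    # NumberOfSections
    opt_hdr_size = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    table = coff + 20 + opt_hdr_size                              # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40                                      # 40-byte section headers
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.split(b"\0", 1)[0])
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True when any section uses a stock UPX name. Modified UPX builds
    often rename sections, so False is not proof the file is unpacked."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Construct a minimal PE32 skeleton (headers and section table only,
    not loadable) so the parser can be tested without a real sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_hdr_size = 0xE0  # standard PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       opt_hdr_size, 0x0102)
    opt = b"\x0b\x01" + b"\0" * (opt_hdr_size - 2)  # PE32 magic, rest zeroed
    table = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + opt + table


if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    plain = build_fake_pe([b".text", b".data", b".rsrc"])
    print(pe_section_names(packed), looks_upx_packed(packed))
    print(pe_section_names(plain), looks_upx_packed(plain))
```

Treat a hit as a lead, not a verdict: the signature text itself allows for modified UPX, and a repacked build that renames its sections will pass this check while still being packed. Entropy per section or the presence of the UPX stub is the next thing to look at in that case.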
