Overview

overview

10

Static

static

YS02FNSACO...DF.exe

windows7-x64

10

YS02FNSACO...DF.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    YS02FNSACOPJKDSQS_Invoice_PDF.zip

  • Size

    4.6MB

  • Sample

    221108-j9nfmafed2

  • MD5

    d2e346c2d65c87b049c2986177e20cfc

  • SHA1

    c03826e3a2bc96fe77ab3257e312d63f6a604cd1

  • SHA256

    d4110a1011dbd1db2ddce8906f6fc39fb51d54925becd6fe0a010ad090cbca96

  • SHA512

    21f3d5e7594a889af1e135386c6df706b961115d3e2d6b91f70613ae1f942aa4a0f708ea9699bb850b2a09755031e27d275615f6ec6dd81f8811c60dc809a7c1

  • SSDEEP

    98304:czKaDrGA/lR2btudOFucpzJUZPaeAmuYTAYgIFChnhKoNp+:ceafzPktuipQkmuYAKCRDK

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat6060.duckdns.org:6060

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • Target

      YS02FNSACOPJKDSQS_Invoice_PDF.exe

    • Size

      300.0MB

    • MD5

      1420cfc2bea47d52a937fbea0415baa8

    • SHA1

      8d4ea7755d633dc9cd2f721d951fc17bdf5346d6

    • SHA256

      099afcdcf586e43f851a0a63d12328f5a44884a711c61c8679a693bd239d51b1

    • SHA512

      3546d9569ea5f6d891c42e5e805041fc288fcd78943dee2eef251cd52de1910213cfbe2d71e7386fa3d40d5a27ac3de39293e4e05487113b7cbd32c2dd3bb0c7

    • SSDEEP

      24576:C5gfuhMt53oiTyVl7gyCPUmj15wlutqzKn4QpeuCdEz9aJ3bxKui0HpzYU0:C5+IUbGcq0hz9o3bkj2U

    Score
    10/10
    bitrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Uses the VBS compiler for execution

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks