General

  • Target

    SecuriteInfo.com.Trojan.Heur.IEC.908d4036d15.18544.5613.exe

  • Size

    12KB

  • Sample

    221108-s62zaagbek

  • MD5

    0227214a22f52e1ca990c1d210ad00ef

  • SHA1

    59f257cce1b20df6d6c4c71d1da35d165c250b1a

  • SHA256

    e979fd4eceae3c51a4c735759289d087bffd63fe4ccd22150fe0e9d1e450022d

  • SHA512

    d4201afeee664e6745b28f2efad1e191b7376e782d66a54e7dcfa0d51fd77210890ebabcaf9640353bc1f38221524c6ebc3779a2aa9444e2eadd225a6293bd42

  • SSDEEP

    192:L3ZVuMBkJmq31Cs8+S1TTgJMRqIcuuuD8v:L3ZQMBki+eTEKRN8

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

37.139.128.233:3569

Attributes
  • communication_password

    ce952068942604a6d6df06ed5002fad6

  • tor_process

    tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • XenArmor Suite

      XenArmor is a suite of password recovery tools for various applications.

    • ACProtect 1.3x - 1.4x DLL software

      Detects files using ACProtect software.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks