General

  • Target

    BB6D55AAB2282E95E85AFA000473A6DF2F1A4B4C46F17.exe

  • Size

    2.1MB

  • Sample

    221109-dgmqqsdcb7

  • MD5

    8d832de194971baab3c3094332b3711a

  • SHA1

    bd9664f567cbd520672515aeafa435523e0d6086

  • SHA256

    bb6d55aab2282e95e85afa000473a6df2f1a4b4c46f177c14cfbf3e8e48b430d

  • SHA512

    5ad34a2da576787bcfd1b4b7e224e93968dab3d48cc02b9eaddd9e4df586a9532c8d6d412471dbd5c7181e58dd6d1d04cb8bfd972b617d7468009e1b4efddead

  • SSDEEP

    49152:vjhtoUsQI6Jc41u/5DmbZPXB42Gn5yeX4IYgfkuM7i:vNyU2opu90XCKfdu

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

212.83.173.68:2576

Attributes
  • communication_password

    d0970714757783e6cf17b26fb8e2298f

  • tor_process

    tor

Targets

    • Target

      BB6D55AAB2282E95E85AFA000473A6DF2F1A4B4C46F17.exe

    • Size

      2.1MB

    • MD5

      8d832de194971baab3c3094332b3711a

    • SHA1

      bd9664f567cbd520672515aeafa435523e0d6086

    • SHA256

      bb6d55aab2282e95e85afa000473a6df2f1a4b4c46f177c14cfbf3e8e48b430d

    • SHA512

      5ad34a2da576787bcfd1b4b7e224e93968dab3d48cc02b9eaddd9e4df586a9532c8d6d412471dbd5c7181e58dd6d1d04cb8bfd972b617d7468009e1b4efddead

    • SSDEEP

      49152:vjhtoUsQI6Jc41u/5DmbZPXB42Gn5yeX4IYgfkuM7i:vNyU2opu90XCKfdu

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks