General

  • Target

    nbitt9090.bin.zip

  • Size

    1.4MB

  • Sample

    221109-kwahaaghhk

  • MD5

    4e491958d2940f509d1b898a9f956c09

  • SHA1

    1de1a56c98e734a09d36cab3338886a3aa414c9d

  • SHA256

    353e4d8c85a452dcdd44cd027869277587735b6e9bc2dd5f1d31c84a0e8f3134

  • SHA512

    b271e41a399ed37e1eb8cf736461bf6f84119c471ab96c83825309317073b9c7a28ee75884e122d0da5a0e4c63d6532f41ae89a02bb2f5e6af5ef27199e193bd

  • SSDEEP

    24576:nzcq9Fvyc0fF2sEujGkJgwT0WKtWAuUM7OFPmXAlF6CuRotwEMQI2JXo71POf:zBjwF2sEIGk+kyKC0nGCEU371M

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bit9090.duckdns.org:9090

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor
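An added triage helper for the extracted config above (example code written for this page, not part of the sandbox report or of BitRAT). It splits the C2 string into host and port, flags the host as a dynamic-DNS name, and checks the 32-hex-character communication_password against a short constructed wordlist: the value has the shape of an MD5 digest, and the assumption that it is one is confirmed when a candidate hashes to it. The dynamic-DNS suffix list and the candidate passwords are assumptions chosen for illustration.

```python
import hashlib
import ipaddress

# Values copied from the extracted BitRAT config on this page.
C2 = "bit9090.duckdns.org:9090"
COMMUNICATION_PASSWORD = "e10adc3949ba59abbe56e057f20f883e"

# Constructed: a few common passwords to try; a real run would use a much larger wordlist.
CANDIDATE_PASSWORDS = ["password", "admin", "123456", "bitrat", "12345678"]

# Assumption: a short list of dynamic-DNS providers, enough for illustration.
DYNAMIC_DNS_SUFFIXES = ("duckdns.org", "no-ip.org", "ddns.net", "hopto.org")


def parse_c2(c2):
    """Split a host:port C2 string and classify the host part."""
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {c2!r}")
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    host_l = host.lower()
    dynamic_dns = (not is_ip) and any(
        host_l == s or host_l.endswith("." + s) for s in DYNAMIC_DNS_SUFFIXES
    )
    return {"host": host, "port": int(port), "is_ip": is_ip, "dynamic_dns": dynamic_dns}


def looks_like_md5(value):
    """True if value is 32 hex characters, the printed form of an MD5 digest."""
    return len(value) == 32 and all(c in "0123456789abcdef" for c in value.lower())


def recover_password(digest, candidates):
    """Return the candidate whose MD5 equals digest, or None if no candidate matches."""
    digest = digest.lower()
    for cand in candidates:
        if hashlib.md5(cand.encode()).hexdigest() == digest:
            return cand
    return None


def triage(c2=C2, digest=COMMUNICATION_PASSWORD, candidates=CANDIDATE_PASSWORDS):
    """Summarise the config fields an analyst would pivot on."""
    result = parse_c2(c2)
    result["password_is_md5"] = looks_like_md5(digest)
    result["password_plaintext"] = recover_password(digest, candidates) if result["password_is_md5"] else None
    return result


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

The port (9090) and the dynamic-DNS host are the network indicators to block or hunt for; the recovered plaintext is useful when emulating the C2 protocol or writing a decoder, since a matching candidate shows the operator used a default-grade password.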

Targets

    • Target

      nbitt9090.bin

    • Size

      1.4MB

    • MD5

      d2d601c4f27a42233076ebc6e05f07f0

    • SHA1

      5a0b561f883b88ca3d4d9bdba5143f103ea83d14

    • SHA256

      dc9fcc38f0fad625bdd15fa418178cbcd8783e8c66bccf1bd300ead64c9e05eb

    • SHA512

      f28db947332f2151de3a7b24101788afaeb3a00a63221dd20b745bd4ffe1ca495c6a4ac148ff8925635b720ae7c8bc586ab697622097a78a0e2588aa9d70b077

    • SSDEEP

      24576:wndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkz0l2GiY:yXDFBU2iIBb0xY/6sUYYnEY

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks