Overview

overview

10

Static

static

10

tst.exe

windows7-x64

10

tst.exe

windows10-2004-x64

10

out.exe

windows7-x64

3

out.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tst.exe

  • Size

    1.4MB

  • Sample

    221121-1gmr3agg27

  • MD5

    3412592c23a9bc93a234c5e25130a71a

  • SHA1

    cad0b43ff636a6d6dbbfbd38e134aa0acda7b052

  • SHA256

    017ab0c10991b0d3faa2b6fdc43487632418c4f5a337e94f8490233d254ba566

  • SHA512

    2076c9ebf616986a5e7a309bc105639abaf1ece7fcc69585457026371353aca82377f70f2903340ed28f40b69f9314c925f2319431d05b0ea527ab4ce0bd75a3

  • SSDEEP

    24576:2ndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkz6Nf6F6j4:gXDFBU2iIBb0xY/6sUYYf56Fu4

Score
10/10
bitratpersistencetrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

45.95.168.128:23202

Attributes
  • communication_password

    ed99c23d77796aac877ce1f91481dc28

  • install_dir

    Oracle

  • install_file

    java.exe

  • tor_process

    tor

Targets

    • Target

      tst.exe

    • Size

      1.4MB

    • MD5

      3412592c23a9bc93a234c5e25130a71a

    • SHA1

      cad0b43ff636a6d6dbbfbd38e134aa0acda7b052

    • SHA256

      017ab0c10991b0d3faa2b6fdc43487632418c4f5a337e94f8490233d254ba566

    • SHA512

      2076c9ebf616986a5e7a309bc105639abaf1ece7fcc69585457026371353aca82377f70f2903340ed28f40b69f9314c925f2319431d05b0ea527ab4ce0bd75a3

    • SSDEEP

      24576:2ndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkz6Nf6F6j4:gXDFBU2iIBb0xY/6sUYYf56Fu4

    Score
    10/10
    bitratpersistencetrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      out.upx

    • Size

      3.8MB

    • MD5

      4dabc39b211315fe0c40dadb42548d7b

    • SHA1

      43bcb1fa069af7eef462ee94b64365490cb82851

    • SHA256

      92cff45687e5ede616b97ad98db15db5a6a94eb3e2b4c0ce7b18d1d4da8f612f

    • SHA512

      0e16364bba70ea7283b511f76e4f30dd7ecdaab490843832c04f1ba3cf90bd9993283557f088df4707b2248e99bba10442162b368c1043695bf87a646a2fbab4

    • SSDEEP

      98304:m77Pmq33rE/JDLPWZADUGer7B6iY74M/QmlwXVZ:Y+R/eZADUXR

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks