Overview

overview

10

Static

static

FedEx00B19...ed.exe

windows7-x64

10

FedEx00B19...ed.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FedEx00B1915_parsed.exe

  • Size

    1.7MB

  • Sample

    221123-zjd29sch89

  • MD5

    e6641a7a0c61243081e9342c2e5076c6

  • SHA1

    035914a1d0244039d43c48cadcab0439ed6855d0

  • SHA256

    07a3e0b0b46beba9fcf603b62237748395cb801229e19500ff0e5cb38c12c067

  • SHA512

    fe6049ed585272f8dac944bfdb402241c0f0e844c2e210c2f61a1d96fbeb451e5bddc3e69b22febd2c1dffc5357b951d28710fcde61bab31e11b6f5ff8b0ceda

  • SSDEEP

    49152:rl3Nx5txMWMlY23V6MKAL1BVHiBIHKG5HqMG:xH50WOY2lxKALpHhKo3G

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

akatabit1915.duckdns.org:1915

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • Target

      FedEx00B1915_parsed.exe

    • Size

      1.7MB

    • MD5

      e6641a7a0c61243081e9342c2e5076c6

    • SHA1

      035914a1d0244039d43c48cadcab0439ed6855d0

    • SHA256

      07a3e0b0b46beba9fcf603b62237748395cb801229e19500ff0e5cb38c12c067

    • SHA512

      fe6049ed585272f8dac944bfdb402241c0f0e844c2e210c2f61a1d96fbeb451e5bddc3e69b22febd2c1dffc5357b951d28710fcde61bab31e11b6f5ff8b0ceda

    • SSDEEP

      49152:rl3Nx5txMWMlY23V6MKAL1BVHiBIHKG5HqMG:xH50WOY2lxKALpHhKo3G

    Score
    10/10
    bitrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks