General

  • Target

    2a976682956855209a0d5e49d5c40f0d98ff85bd0e91c6b57f58e5151af42557

  • Size

    4.3MB

  • Sample

    221130-q6c9tafb72

  • MD5

    800a72a1b10482664128955fd3878dd5

  • SHA1

    c8bb5f18dfd9ffb397c3e2615b8494c9ac858b14

  • SHA256

    2a976682956855209a0d5e49d5c40f0d98ff85bd0e91c6b57f58e5151af42557

  • SHA512

    d42d51205b9f4591a3b06c47fdf0b0e6836ce65c69da8f72e596a66c3c69d095c4e4b01e10ef96ec62560bae64d62d121a9689a435651d78a2b639d0e5db5341

  • SSDEEP

    98304:12kBmhP9BU5yJcRzLU85bn9yLCJkkAiQpElkjZSYGoYK2fqWIpHV+wcgd9KEGzPc:wPwCCN5QLCJBAiQpElkjYY6K2oVSczG

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

185.157.162.234:54262

Attributes
  • communication_password

    2bb232c0b13c774965ef8558f0fbd615

  • tor_process

    tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

Tasks