General

  • Target

    inquiry.doc

  • Size

    2KB

  • Sample

    221201-q5v38sha81

  • MD5

    79d6312b5a128c542ccc1e5a7d0dcc88

  • SHA1

    2f836002cd132c70f4736e3b06b7d76096308e75

  • SHA256

    33805a97ec15a2d8431060421e7518149715b6e4fbba17d4011fc67d8aec9f9c

  • SHA512

    ef3b1c3da617344f374a8a57af53e9296fa257322a89f1d028618588b3ab2b9948772d14305ea4fa56c2cdcd0f014f350e43dd0d72725e06bf2f5d3e338f62e4

Malware Config

Extracted

  • Family

    bitrat

  • Version

    1.38

  • C2

    37.139.128.233:3569

  • Attributes

    • communication_password

      ce952068942604a6d6df06ed5002fad6

    • tor_process

      tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
