General

  • Target

    7e319c1315d5b97983fb7cb4d93ddf0c.exe

  • Size

    65KB

  • Sample

    221202-xm276adg64

  • MD5

    7e319c1315d5b97983fb7cb4d93ddf0c

  • SHA1

    fde2d21cb08b8d95ea2e4419e51aa43f8da348ac

  • SHA256

    311dc36ff1b1c092fe3c27ea3d7c699b77d092da4d5f1ccb5fc8e35b9a4adf5c

  • SHA512

    02f59f8d2dd41e1e287c46a8bd3119c98d2f2500a95a7d980791f7f6f326cad43111385b30d3c8e6de912905a81527632dd9a7089f1aa6f1716eabe4608bcfad

  • SSDEEP

    1536:WIHebrEKfgYBUngABZvxZ/DOG8s8MkeNSzXzK1:Gb4KRapBZP/Dl8DMDSzX+1

Malware Config

Extracted

  • Family

    bitrat

  • Version

    1.38

  • C2

    37.139.128.233:3569

  • Attributes

    communication_password: ce952068942604a6d6df06ed5002fad6

    tor_process: tor

Targets

    • Target

      7e319c1315d5b97983fb7cb4d93ddf0c.exe

    • BitRAT

      BitRAT is a remote access tool written in C++ that reuses leaked source code from other malware families.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks