General

  • Target

    Ahsbytgmuhjvbo.exe

  • Size

    1010KB

  • Sample

    221205-srbtjsfb2t

  • MD5

    2806e80a494fbf0977dc9e18999f6cc8

  • SHA1

    35d892ec891da46a0592d2cfebcc3afb4f67ee6e

  • SHA256

    16ba74e590acbf2a285ae1e15864ef7cdeff576542f0f430ab83481ea52b729a

  • SHA512

    3cc0b75728fabc71245ecd2d801cb2ed088b2078e3c7e223f791096cf4cd149a007fe33978a626fafea31c48d63f6efe071db8fa2dd4012e0b5e4a45a2db1749

  • SSDEEP

    24576:owfXt2qCbasU3cyK9pNhMhtrjxLF7Zl/ronBb5:oEcO+9bh+1lLF3MnBb

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

su1d.nerdpol.ovh:2288

Attributes

  • communication_password

    653d716345d8915046b904b90f41f271

  • tor_process

    tor

Targets

    • Target

      Ahsbytgmuhjvbo.exe

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks