Overview

overview

10

Static

static

1

7f55a7b60a...48.rtf

windows7-x64

10

7f55a7b60a...48.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a5a6fbe5e7f86784d14ce1f4d7672f6b.bin

  • Size

    2KB

  • Sample

    230319-wtc16sbf6z

  • MD5

    2eb0babd5e2e3ad12c9e7f18dc1c31f0

  • SHA1

    52a9073b7432cbadcef1fa60d4b8070febd160a2

  • SHA256

    246ef46413460148586faa3c3a29576eb310eef3cd53600ab31f966d41812240

  • SHA512

    40b73c646242d1a3e3d9a65288645fb21f708cec2d65b3a6f8dc246699e381a50a700cc39b0baa97db13a414b6df0b6573def67be42d31a64191868baf681cc6

Score
10/10
bitrattrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

74.201.28.92:3569

Attributes
  • communication_password

    148b191cf4e80b549e1b1a4444f2bdf6

  • tor_process

    tor

Targets

    • Target

      7f55a7b60a243743fe8f8f25220e8aae506d985ff963587200329f229cca2248.doc

    • Size

      3KB

    • MD5

      a5a6fbe5e7f86784d14ce1f4d7672f6b

    • SHA1

      c8b9fc16cea841705b1b80152cc95f3322799c80

    • SHA256

      7f55a7b60a243743fe8f8f25220e8aae506d985ff963587200329f229cca2248

    • SHA512

      322944cc12604db232973329f9ad5e49c034d9ca4e55ffba3ddc8b4d2dc815c2afaeddae740436d07c88f46d9017902c88dac0cdc0610dcbd47cb9d0825218b3

    Score
    10/10
    bitrattrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks