e4b6ffbd9a7484dd39aaca1d71663ee8cc3875657cd2f0de3bceaa02ba982d50

Sharing

Copy URL

Twitter E-mail

General

Target

8f0776321109b890ec839678d7fbd7cc.bin
Size

25.3MB
Sample

230328-cecmbaac31
MD5

8f0776321109b890ec839678d7fbd7cc
SHA1

7d340a5a1865bcfc9a3746f8a801b185c627202d
SHA256

e4b6ffbd9a7484dd39aaca1d71663ee8cc3875657cd2f0de3bceaa02ba982d50
SHA512

1aaf1b3558273350347ed48a98c457e890ae2277733fab1a0f5d50bae726dd4de04be1466aafa6ab718450e53216c4edcbfa3f4c0a58e442256276386c8bc05e
SSDEEP

393216:v4mKpOeBGicwlNwskehLCvcqhZbyXjlGTFi5dJbxetltsJ7v67TjsFfehNIl4qdn:ElBblNJhXUBEAsJ7yjsI+jYj7mLX

Score

7^/10

link pdf upx

Malware Config

Targets

- Target
  
  BitRAT/BitRAT.exe
- Size
  
  13.6MB
- MD5
  
  03c4dc0c56e0c14e49341b31fc68e69b
- SHA1
  
  9de6b2dfc76a99ce18a99f7092a71a00926b61ec
- SHA256
  
  633f7758cc5df2dfc398840dfcf0ee24d3e233135167c805e9dae843cda9b6da
- SHA512
  
  a3fcbd1ed7701a1049345cdcecf10b8689d5b80dec76bed156d48b9f3f8ad4e2b55c5f4a6f9512c2ed02f9ff1c992650520ed06045ab1081b5b3817ea9f717bc
- SSDEEP
  
  196608:scVMS3RPqqL3RkDRq60tmZSPGPAPfelOC1/Stltibf:DMXs6cPP2AeKt3i7
Score

7^/10
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  BitRAT/BitRAT.exe.config
- Size
  
  27KB
- MD5
  
  c2125e382edfb2a62188cb18f4af3bbf
- SHA1
  
  52a54b55f5df885adace1bfdc833980e55dc5695
- SHA256
  
  7e44283bff7bde7d622560e2dbbee3187a135609e8fcafaf1d9cda0aec9aab8b
- SHA512
  
  4e715aed0cfef476bdb88ace087942020d773f0bd799232a2c3b866d933cac6e82654cef4abbca26e6b2825206e7f56fe281fe2758376d5bebdf750a31419f05
- SSDEEP
  
  192:ur7s7Kc7ruvMPUDNTHffIcKS/pvrsJ+J/qJvjwhU4WEy:uXs7K5EPUDNTHffICijwhU4WEy
Score

1^/10
behavioral3 behavioral4
- Target
  
  BitRAT/Manual.pdf
- Size
  
  875KB
- MD5
  
  e3d95397281a7816b32ff76c8e760521
- SHA1
  
  cef2568464f0cbddf3827466d142ac6e4c8cbc3f
- SHA256
  
  899d4ae97777e831504fecaeaba405df972acf486f61969386e5f2928f3f2e9c
- SHA512
  
  b0c398c4df804fb2a63189a30ada4b5af34e3afcf2d329bee0f086c4b74f49a51814ecf005c125e0e04e647d9d4145d5017ba8bc0a6bf6c32a18dbae9babc51b
- SSDEEP
  
  12288:fC/iIKbwBysOd7vWFwAl2uGKKadszDfOS0Z8vZeekVqon6Ma5Ejqj3uKbeUIRT3:a2TWi22ueQgyZ8vZeilfie3cz
Score

1^/10
behavioral5 behavioral6
- Target
  
  BitRAT/data/media/icons/exe.ico
- Size
  
  2KB
- MD5
  
  2461403b766c8c5bf0dc93cca47061f0
- SHA1
  
  b6a845aa2e3d312478500b31a538a267d1930225
- SHA256
  
  9b2bc15cabb7e21627d222ab0fcf61e277522e23c5843517a7e6ab877734afe2
- SHA512
  
  388b80152d6f56231f3967924a677070b9e20934a523fa5e9d98724fbeb40dc109a6332e4acf556cf168c87fa1726c3ce16faa6f9be33a70081a0c7cae9de192
Score

3^/10
behavioral7 behavioral8
- Target
  
  BitRAT/data/modules/hvnc.exe
- Size
  
  47KB
- MD5
  
  d8aa0784ac3b8d7860b732a3e9f330b0
- SHA1
  
  391c08797fb35ab12326cd2c49a62ec27243f6f8
- SHA256
  
  ef34feff91c19c5fbca02fffb46420b912a9e4c8c043d41f044fd9a232335c8c
- SHA512
  
  1156bbf279f141a3259f1e03a44c2d8fb73b782d6c4f5cd773e0c44589033d72f2053ca462dbf575298ef4e69cbb5ef0547d54fe282236fe4f04a7ae1c7d7a30
- SSDEEP
  
  768:qAAx+jcvNh5l4Q+Rhn0VUWjkCeTjSkcrMVSvOv/BtUgPjQumGr7wHT/nU:qAAWeT6QK4tkckSu/BOgbxVErU
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9
- Target
  
  BitRAT/data/tor/libcrypto-1_1.dll
- Size
  
  3.1MB
- MD5
  
  afc4a9e05ffc9ec14c2ddeb1589fe6e2
- SHA1
  
  244c6fb7428fba7666d9c89eb8d6ae939a70f408
- SHA256
  
  6789ba515f6593f65104c6057d93f5c0b645aa860695d5bfbfc5d97beb301068
- SHA512
  
  9d167f5823701258d0f27617735a1b82c6be20e52f67cb1d83d592092d0e3455908c6fb916999c3377204eec8c92c40a6bd9826791976166665b6fae64d26f0c
- SSDEEP
  
  98304:gJrGegX+mb9aDas4sdoGG6Y+MSjoet+SNA5CtQe4Bpm1CPwDv3uFZjLDHtthk5/A:0qVX+mb9a2s4GoGGH+M8oet+SG5CtQeU
Score

3^/10
behavioral11 behavioral12
- Target
  
  BitRAT/data/tor/libevent-2-1-6.dll
- Size
  
  853KB
- MD5
  
  f690912e8b86ecc237287bbfa9f073c3
- SHA1
  
  3df729a3c7135f9d1f46b83c18258f0131a1e788
- SHA256
  
  60b6ceac938a821c47a5160c599fd50bc7451d42d7108960077a20dabfcadb9d
- SHA512
  
  3dc3b000a173458e839c5cf0d614830435e602f60824e850640ae1a4cfe7dda1a331c06147bf9c2c1932da545c47e78625b89883439b2f2cd4eb31b80a593fa1
- SSDEEP
  
  12288:/7bGb4bjbZb1b6lb2bxdRuh4v8HurEHYXYAKaKDWhXhUYV8g2AvL2Mwm:++dRquDXYAKaKShXhUYVMAvLVwm
Score

1^/10
behavioral13 behavioral14
- Target
  
  BitRAT/data/tor/libevent_core-2-1-6.dll
- Size
  
  578KB
- MD5
  
  a8dcdbacf427880ed7c38524ec608a3f
- SHA1
  
  e029a404dc373136b3778aaf26f848971e7e454e
- SHA256
  
  915cc62df1d591809bd4bf121dfe290fcf0be6237fe85a61af9b8030a5f466ed
- SHA512
  
  e32a4918a69f9818c2f995de2e61cf4bbe6a27c5dcacfcc6ae3126acd8c60f79dc7826274233b20dc51eb7ea4c1759a759964d8496a0296b993f56e5aebfdd29
- SSDEEP
  
  12288:k+bGbkbjbUb1bTb2blTstYMqAuJKD6hw/U6Awg6QRdwB:vTs2MqAuJKmhw/U6A0QRdwB
Score

1^/10
behavioral15 behavioral16
- Target
  
  BitRAT/data/tor/libevent_extra-2-1-6.dll
- Size
  
  559KB
- MD5
  
  5d6b4d48a3ab79fbbb426c823ada1812
- SHA1
  
  bb7d43f69ec38f77af15730f728546dcb778a674
- SHA256
  
  ed87ca23b687a67a11265051bfa27b7af0a36dda07e8af15c98fcb547038836d
- SHA512
  
  1c9d8b62c9411d3ba326072b74858d1f251862dc3bafd62f584b98fe17c2ba9190e85f004e9f2b944e41e0a4d01285c590b881267bf9965e0f81f7395bfd8f96
- SSDEEP
  
  6144:fBJ3RpLdzdBqKkTaC1jGTMxKCbDN9iIa6FexCimIMyzuU6ghuUoqeri259oTQ1Qd:fBJ3RpLldoCVtKDN0IFwUJ+0gc4h3qy
Score

3^/10
behavioral17 behavioral18
- Target
  
  BitRAT/data/tor/libgcc_s_sjlj-1.dll
- Size
  
  1.1MB
- MD5
  
  c6a0c7eca293848a58046c85309b20fb
- SHA1
  
  71c8ffa0956ba04e5297dac50a44a2d7382c5346
- SHA256
  
  90b54eb822c63772aa72153dcb2d3ebca30604b6b495564983160264595a636b
- SHA512
  
  003aeb3a5fc417b291ad09a1440a953c8f277721224df96a8341806a4c65a91cb8232311a47f21a4d5263c83ccbfd046ac39877c5b4d165ad6a941b34b2c4fd2
- SSDEEP
  
  24576:IjmCsnjuvtzgoB0W4KWk+4U8xbLd/nNYV3:IUjuVzgoeD/k+4fxbLcV3
Score

3^/10
behavioral19 behavioral20
- Target
  
  BitRAT/data/tor/libssl-1_1.dll
- Size
  
  926KB
- MD5
  
  8881bb3e500555ae7368656d197d246c
- SHA1
  
  34bdfc1b32473e50525832565e4ae83abdd174a8
- SHA256
  
  e626fed2df16fad9a1fbe7a71c15bb2280fbae139736f44534bbb7cc69ba1354
- SHA512
  
  e17217e55c93e0192a398631c068e268d63bea236217748958827b9b83995c0103521b35cad8204cd9a9b8f2f4868e333c99834aabab40b316563c8a28efada3
- SSDEEP
  
  24576:l002XPeJhlOEkeQK21hVFJd154vcu1UYa/mtGKq0FkUepfPqdxtw3iFFrS6XL:G02j1eQK2rJFu1UYa/mtGj0FkNpfPixD
Score

1^/10
behavioral21 behavioral22
- Target
  
  BitRAT/data/tor/libssp-0.dll
- Size
  
  262KB
- MD5
  
  b1a9a0def34f550003c88212af8059a3
- SHA1
  
  4a278fbea710e2bd74124ee6be0cb0556d8d72b8
- SHA256
  
  96ae486b556532c5132e82c23fde334c044e84791e362b21bc0fb31c6b02bf08
- SHA512
  
  8742a553189711e06d28c2f9eac9aae8d931e67551391dfe58647457f8d868d52136e842ac9a7780ebd91489d2ce0695bbca0ab71829fc7f7d26d85b1f50aeec
- SSDEEP
  
  6144:EI1aC18GTMzKCbDJ9iy6YexClmZMyzbU6guuU9qepp:ocjKDJ097UYZ9gNvU
Score

3^/10
behavioral23 behavioral24
- Target
  
  BitRAT/data/tor/libwinpthread-1.dll
- Size
  
  522KB
- MD5
  
  99e20eea1d13e718eb0fe9d61659c87f
- SHA1
  
  4ee7eb374a027b06190bfe8d7d444d25a955a5a2
- SHA256
  
  c99eb9c243c18fe9363ed232fed3ef4f171a90be2a6b957f9a480f5eaf66b4ca
- SHA512
  
  5eeae53cc852e4134cfdfca2454b7b8489a0a5d5a4100fc68aa97302197ac8e6558a5ecefd3decade2d3e5a051d6bcf50c4cd0713dfd614c11fea9cd542af33c
- SSDEEP
  
  12288:EQbim3YIiU6lotAH7I/zvbttl4/MKKDLVcqUuzpoM7wTivFo:Fbim3YRU6lotk7I/zvbttl4/MKKfVcqK
Score

1^/10
behavioral25 behavioral26
- Target
  
  BitRAT/data/tor/tor.exe
- Size
  
  3.9MB
- MD5
  
  52faae579cc30d277fddf60ea4b89e2c
- SHA1
  
  f2010f4451c7aac3c767a5743370d9252bbbfd7c
- SHA256
  
  c4ee142394bf7a53e43ca86ab3c03e3712d85c15941588fc4e6e8f5c7a88c654
- SHA512
  
  3baec48c1718f2252ce788b3832d3adf145f93c3a9e6e6aeabde6d5d5d52bde32c450c46b1385961bf201c30f60570319897f614428414534867af6bf93f16a4
- SSDEEP
  
  98304:CzZ42i53gAUP71HtcjRkVfQIjiEsgYY9l7:KOaA0HtcjKVfQIb
Score

3^/10
behavioral27 behavioral28
- Target
  
  BitRAT/data/tor/zlib1.dll
- Size
  
  99KB
- MD5
  
  34dc3c1c076b690520ab198863fa0c86
- SHA1
  
  f092142507e9bb1679e22dec9dfe83a31c44c0c8
- SHA256
  
  d7445b008f464f48d0a6df5cca5552de790a113b77913221b08a41b5eebd0ba7
- SHA512
  
  1d7c499d00b3c81a8a990a83e00940882dd7794e6be38e713d00ced0a8687e0eb7fddaba690b3aed926f346818381e91c4f714d511502bc51739c4532457a460
- SSDEEP
  
  3072:g6sSzNF7DQnLjWPlaXCgSo08a6TBf/+fj6Bk:g6rNqL1RSo02TBefj6
Score

3^/10
behavioral29 behavioral30

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger

UPX packed file

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30