General

  • Target: a47434b53be19aa80e4529da0ac4e528.exe
  • Size: 4.9MB
  • Sample: 230701-xvxmmsae9v
  • MD5: a47434b53be19aa80e4529da0ac4e528
  • SHA1: e2535e69d067f6557f2c83bd05dc47289c61b0d8
  • SHA256: 5726631bd5354455869b80013d408d97b6d479d61697aecfa253fb42caed3b1b
  • SHA512: f0251d15e29042d432c141f6df43ff267cd3c912a48afe6f83ed1d5588078191eb98763608f2d89b92cb33ec54db16d42bba03a83c329b4cab84615059f28d65
  • SSDEEP: 98304:lfROAm0ADHsXLIsFmL5vTWJdVzealPxaLnU4UUU3UUU:lfROAm0ADHsXLIBvMtUU4UUU3UUU

Score: 10/10

Malware Config

Extracted

Family: bitrat
Version: 1.38
C2: 104.223.91.190:1234

Attributes
  • communication_password: 81dc9bdb52d04dc20036dbd8313ed055
  • install_dir: Install path
  • install_file: Install name
  • tor_process: tor

Targets

    Score: 10/10
    • BitRAT: BitRAT is a remote access tool written in C++ that uses leaked source code from other families.
    • Drops startup file
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext
