Overview

overview

10

Static

static

7

Accountsetting.exe

windows7-x64

10

Accountsetting.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Accountsetting.exe

  • Size

    6.2MB

  • Sample

    230901-gsx8dsch2y

  • MD5

    0606141f3fad15f21ebf58bcd5c49f75

  • SHA1

    098454df527c1315e80808328dc464286fa90859

  • SHA256

    76f0851190aea6cb9add8591a662322bd88f742d85f62bcf54050fe5b380eed6

  • SHA512

    1ddcedc9e695b29dc44a0799263c8c50d6c14adae9e0968a501ae25b387c3f4c1b9aed29380800a3c6cd734da0ac71d5d8151f51172ce133e7caa1ce0541df92

  • SSDEEP

    98304:qgMl95DqZYNTvgSeRK0eINIehsEB0ylMlzg4x4hFq1u9roTkXWtHErGy3z6r5MNI:qFX5eGiK0aEKtP1+rGkX2Dry0f

Score
10/10
bitratpersistencetrojanvmprotect

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

rornfl12.duckdns.org:3072

Attributes
  • communication_password

    be767243ca8f574c740fb4c26cc6dceb

  • install_dir

    chrome

  • install_file

    chome.exe

  • tor_process

    tor

Targets

    • Target

      Accountsetting.exe

    • Size

      6.2MB

    • MD5

      0606141f3fad15f21ebf58bcd5c49f75

    • SHA1

      098454df527c1315e80808328dc464286fa90859

    • SHA256

      76f0851190aea6cb9add8591a662322bd88f742d85f62bcf54050fe5b380eed6

    • SHA512

      1ddcedc9e695b29dc44a0799263c8c50d6c14adae9e0968a501ae25b387c3f4c1b9aed29380800a3c6cd734da0ac71d5d8151f51172ce133e7caa1ce0541df92

    • SSDEEP

      98304:qgMl95DqZYNTvgSeRK0eINIehsEB0ylMlzg4x4hFq1u9roTkXWtHErGy3z6r5MNI:qFX5eGiK0aEKtP1+rGkX2Dry0f

    Score
    10/10
    bitratpersistencetrojanvmprotect

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks