General

  • Target

    Fgmre.exe

  • Size

    6.1MB

  • Sample

    230909-gdd6zahe66

  • MD5

    fab73af287c1c2d2c9f7eb56ae418c2a

  • SHA1

    b9afbf362fd3a04290b37a2abafece67fba21b1b

  • SHA256

    33d1fbfef24cf1945248cfdc35c9338aec58774838d2c8b16d7609e8badd60a3

  • SHA512

    c5a5803b097509967ff09a401d4f8d055a837c66f4bb257576513519233b40890bb8663ce08eddead348dacdace3d1212e3522480fbd6fe3a5e909970f442bab

  • SSDEEP

    98304:wVV8V0jkxwDuoUprzpnNHNVDNHVq4t2KsNStyoXpGQL4+bMzvIBkKAPLf:w7E0oCu9NtVJFRGQLcH

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

smgqnt3eixxksasu.xyz:1234

Attributes
  • communication_password

    30afda4853ef5b1bc36463ba95d84247

  • tor_process

    tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15