General

  • Target

    c222b81571013219fd99f7ca5fefa350d6aabd28b03bbc819048a67570db274e_JC.bat

  • Size

    2.6MB

  • Sample

    230924-q3jmesfe8x

  • MD5

    12d05ccce56b71317838c1f70c434fdd

  • SHA1

    db2b6548661dc0ad3c19439989e1c36bf62a9ca7

  • SHA256

    c222b81571013219fd99f7ca5fefa350d6aabd28b03bbc819048a67570db274e

  • SHA512

    79c4c072efba2838d053dd3912484e4138371eac29bd556e344c62abc1b49313bf562fcc6c613c7756c6d24ecc4203336da5aacaf9d4602eb8c5d6caa45053b2

  • SSDEEP

    24576:MFz0PTLOQXlNvJ9ZosU5cqcczDvwcbpSWwHt6H5P+gRnBrqYxvcpXKX6saNpWJcU:bNWTfSWwU8i8esRx7rXDdOuGC+ewAtg

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

moonli.ddnsking.com:1234

Attributes

  • communication_password

    81dc9bdb52d04dc20036dbd8313ed055

  • tor_process

    tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Suspicious use of NtSetInformationThreadHideFromDebugger
