Overview

overview

10

Static

static

3

9aad75171c...db.exe

windows7-x64

10

9aad75171c...db.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9aad75171c9f40314bb14ef323bb8fdb

  • Size

    6.1MB

  • Sample

    231222-qetsgseecl

  • MD5

    9aad75171c9f40314bb14ef323bb8fdb

  • SHA1

    82ec3149cab1039b2b356b8ac2d972114fc142d6

  • SHA256

    c4490d8166adf18292c8bb887a344662653881d605c71472c85e69dcc6f24f37

  • SHA512

    8de2ebe81c364ce29348e7a4b14665fc35d3a00eb5dcaaf831bca4674548b0e4e30a0be0f911386d582ece6a7a76fd3b0174a6065e50c9f982daf160f49b6719

  • SSDEEP

    98304:Gpg+erC8auYWOB+ljN6t4DiJoQJeLXFRahqvf29NvZHuXCMd/56qHstvaPXCaz2I:Wg1rOWOgotmiJoQJ4b3jXpdtHwvaj

Score
10/10
bitratpersistencetrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

atdf.ddns.net:3000

Attributes
  • communication_password

    41cfcc9640be890d8075ae5322d51928

  • install_dir

    Documents

  • install_file

    Microsoft Runtime.exe

  • tor_process

    tor

Targets

    • Target

      9aad75171c9f40314bb14ef323bb8fdb

    • Size

      6.1MB

    • MD5

      9aad75171c9f40314bb14ef323bb8fdb

    • SHA1

      82ec3149cab1039b2b356b8ac2d972114fc142d6

    • SHA256

      c4490d8166adf18292c8bb887a344662653881d605c71472c85e69dcc6f24f37

    • SHA512

      8de2ebe81c364ce29348e7a4b14665fc35d3a00eb5dcaaf831bca4674548b0e4e30a0be0f911386d582ece6a7a76fd3b0174a6065e50c9f982daf160f49b6719

    • SSDEEP

      98304:Gpg+erC8auYWOB+ljN6t4DiJoQJeLXFRahqvf29NvZHuXCMd/56qHstvaPXCaz2I:Wg1rOWOgotmiJoQJ4b3jXpdtHwvaj

    Score
    10/10
    bitratpersistencetrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks