Overview

overview

10

Static

static

3

062e404f79...4f.exe

windows7-x64

10

062e404f79...4f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    062e404f794bf1f0aebe06c82bb2204f

  • Size

    5.1MB

  • Sample

    231229-2tqvxshgdr

  • MD5

    062e404f794bf1f0aebe06c82bb2204f

  • SHA1

    7d4ef888f8168750582d04a9c227bf5c44329e34

  • SHA256

    df9932529eb49b70e0511e6a4ecf5fb5e3aa3e14b6e54b07aac2bfee434cd594

  • SHA512

    d038a34f8adb353a8b7deb330c0039a1d4ea57193dc552419fcffb0800288ce67d85d0e8dfe2ea9a8b6e4fd6abdf0d3a2200abc912c96dcf2a9c634cb1cf44cb

  • SSDEEP

    98304:nxfp60OIol+C5kybsSI44MZYIb3uVnTsLTv32HvdTdyUM2gk:nRA+2HlSM+jVTWv32Jg

Score
10/10
bitratzgratrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

omeno.duckdns.org:5867

Attributes
  • communication_password

    81dc9bdb52d04dc20036dbd8313ed055

  • tor_process

    tor

Targets

    • Target

      062e404f794bf1f0aebe06c82bb2204f

    • Size

      5.1MB

    • MD5

      062e404f794bf1f0aebe06c82bb2204f

    • SHA1

      7d4ef888f8168750582d04a9c227bf5c44329e34

    • SHA256

      df9932529eb49b70e0511e6a4ecf5fb5e3aa3e14b6e54b07aac2bfee434cd594

    • SHA512

      d038a34f8adb353a8b7deb330c0039a1d4ea57193dc552419fcffb0800288ce67d85d0e8dfe2ea9a8b6e4fd6abdf0d3a2200abc912c96dcf2a9c634cb1cf44cb

    • SSDEEP

      98304:nxfp60OIol+C5kybsSI44MZYIb3uVnTsLTv32HvdTdyUM2gk:nRA+2HlSM+jVTWv32Jg

    Score
    10/10
    zgratratbitrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks