General

  • Target

    15478642d48681a67374167d173d4f84

  • Size

    4.9MB

  • Sample

    231230-l3vx8sgbf5

  • MD5

    15478642d48681a67374167d173d4f84

  • SHA1

    9790217e8b9a2134f2abf451ac68c847dc31c905

  • SHA256

    4e1c013bf36b27f78e0fdc7ab5a67bc3f62f33c97f5848daf40df7ec7d842fa4

  • SHA512

    4b8c58f0605c562bddddabff542b76a06a65206c90c3bf430752785287fc88afc2a38c7780e1d94650735ec9a0f45ad8d9540e10fd0300734626c867d0ee5819

  • SSDEEP

    98304:6jT71ntlY5xzFunCcZ2iH9oFfQPjpw6D8cKuEBQ5Qbg+db778Fm/S3DdK1NPgf6K:i3fCcZZ2VQtbXQ9A5DdK1NPgCWXaYRX7

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

185.215.113.102:1234

Attributes
  • communication_password

    5d55208d3d81a0bf50741250fe5b93d7

  • install_dir

    GuiterX

  • install_file

    GuiterX.exe

  • tor_process

    tor

Targets

    • Target

      15478642d48681a67374167d173d4f84

    • BitRAT

      BitRAT is a remote access tool written in C++ that reuses leaked source code from other malware families.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger (the ThreadHideFromDebugger information class, which stops the calling thread from delivering debug events to an attached debugger; a common anti-analysis trick)
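      The extracted config above (C2 endpoint, install directory and file name) and the "Adds Run key" behaviour translate directly into host and network indicators. The following is an added example, not part of the sandbox report or of BitRAT itself: it takes the indicator values from the Malware Config section and runs them over a handful of constructed Sysmon-style event records (network connect, registry value set, file create). The event field names follow Sysmon's naming, but the records themselves, the victim paths and the assumption that the install directory lives under the user's AppData folder are constructed for the example.

```python
"""Small IOC matcher built from the BitRAT config on this page.

Added example, not the sandbox's or BitRAT's own code. Indicator values
come from the report; the event records below are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Indicator values taken from the page's "Malware Config" section.
C2_IP = "185.215.113.102"
C2_PORT = 1234
INSTALL_DIR = "GuiterX"
INSTALL_FILE = "GuiterX.exe"
# Run key path fragment shared by HKCU and HKLM (and HKU\<SID>) hives.
RUN_KEY_FRAGMENT = r"\Software\Microsoft\Windows\CurrentVersion\Run"


@dataclass
class Hit:
    event_id: int
    indicator: str
    detail: str


def check_network(ev: Dict) -> Optional[Hit]:
    """Sysmon EID 3 (network connect): flag the extracted C2 endpoint."""
    if ev.get("event_id") != 3:
        return None
    if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
        return Hit(3, "c2", f"{ev.get('Image')} -> {C2_IP}:{C2_PORT}")
    return None


def check_run_key(ev: Dict) -> Optional[Hit]:
    """Sysmon EID 13 (registry value set): Run key pointing at the install file."""
    if ev.get("event_id") != 13:
        return None
    target = str(ev.get("TargetObject", "")).lower()
    details = str(ev.get("Details", "")).lower()
    if RUN_KEY_FRAGMENT.lower() in target and INSTALL_FILE.lower() in details:
        return Hit(13, "run_key", f"{ev.get('TargetObject')} = {ev.get('Details')}")
    return None


def check_file_create(ev: Dict) -> Optional[Hit]:
    """Sysmon EID 11 (file create): <install_dir>\\<install_file> being dropped."""
    if ev.get("event_id") != 11:
        return None
    path = str(ev.get("TargetFilename", "")).lower()
    if path.endswith(f"\\{INSTALL_DIR}\\{INSTALL_FILE}".lower()):
        return Hit(11, "install_file", ev.get("TargetFilename", ""))
    return None


CHECKS: List[Callable[[Dict], Optional[Hit]]] = [check_network, check_run_key, check_file_create]


def scan(events: List[Dict]) -> List[Hit]:
    """Run every check over every event; return the hits in event order."""
    hits: List[Hit] = []
    for ev in events:
        for check in CHECKS:
            hit = check(ev)
            if hit is not None:
                hits.append(hit)
    return hits


# Constructed sample events (assumed install location under AppData\Roaming).
INSTALL_PATH = r"C:\Users\victim\AppData\Roaming\GuiterX\GuiterX.exe"
SAMPLE_EVENTS: List[Dict] = [
    {"event_id": 3, "Image": INSTALL_PATH,
     "DestinationIp": "185.215.113.102", "DestinationPort": "1234"},
    {"event_id": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": "443"},
    {"event_id": 13, "Image": INSTALL_PATH,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\GuiterX",
     "Details": INSTALL_PATH},
    {"event_id": 11, "Image": r"C:\Users\victim\Downloads\15478642d48681a67374167d173d4f84.exe",
     "TargetFilename": INSTALL_PATH},
]

if __name__ == "__main__":
    for h in scan(SAMPLE_EVENTS):
        print(f"EID {h.event_id:>2} {h.indicator:<13} {h.detail}")
```

      The Run-key check deliberately matches on the key path fragment rather than a specific hive, so the same rule catches HKCU, HKLM and HKU\<SID> variants; the file-create check matches only on the trailing `\GuiterX\GuiterX.exe` because the parent directory is not stated in the report. The communication_password value is a C2 protocol secret rather than something that appears in host telemetry, so it is not used as a host indicator here.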

MITRE ATT&CK Enterprise v15

Tasks