Overview

overview

10

Static

static

3

1986c381aa...51.exe

windows7-x64

10

1986c381aa...51.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1986c381aa62399f7e9d0b78e220d251

  • Size

    2.0MB

  • Sample

    231230-qel3msggf7

  • MD5

    1986c381aa62399f7e9d0b78e220d251

  • SHA1

    619700a00961904426b5ecae5b344f753315738d

  • SHA256

    1972ef1673d32236f0c87e52ddab2d5472af789e6de1d70ccd22c4cdf4839e54

  • SHA512

    f1b7baf0576aa873c59bd0dc2eac11d297b6c1d8b6080ca99dcff694338049f09ddb66970a55a327800cbb7855b25d5548d4669426732761bd81991d478d1f15

  • SSDEEP

    49152:AYvMRWsoJqFYqKRd5AyM3xSa3jBSWC7NjPi9F+w:A9RYJqFYFxAbBSa3jAXj9w

Score
10/10
bitratpersistencetrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

89.248.173.187:5506

Attributes
  • communication_password

    fcea920f7412b5da7be0cf42b8c93759

  • install_dir

    sazpclv

  • install_file

    wmzr.exe

  • tor_process

    tor

Targets

    • Target

      1986c381aa62399f7e9d0b78e220d251

    • Size

      2.0MB

    • MD5

      1986c381aa62399f7e9d0b78e220d251

    • SHA1

      619700a00961904426b5ecae5b344f753315738d

    • SHA256

      1972ef1673d32236f0c87e52ddab2d5472af789e6de1d70ccd22c4cdf4839e54

    • SHA512

      f1b7baf0576aa873c59bd0dc2eac11d297b6c1d8b6080ca99dcff694338049f09ddb66970a55a327800cbb7855b25d5548d4669426732761bd81991d478d1f15

    • SSDEEP

      49152:AYvMRWsoJqFYqKRd5AyM3xSa3jBSWC7NjPi9F+w:A9RYJqFYFxAbBSa3jAXj9w

    Score
    10/10
    bitratpersistencetrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks