Overview

overview

10

Static

static

1

1bf1d6e8ef...0e.exe

windows7-x64

10

1bf1d6e8ef...0e.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1bf1d6e8ef16cccf201173d11aafe00e

  • Size

    2.6MB

  • Sample

    231230-zdt7asebbp

  • MD5

    1bf1d6e8ef16cccf201173d11aafe00e

  • SHA1

    ff3866b22e80acdf4175a1f496422c4736148bb0

  • SHA256

    f5481cd3d77f9e73b0e1a2425bf32886d2ff78f872a278b3b2dc0b00a35d1e95

  • SHA512

    07455146ba16e66b2b32af996ca51983354dcdcc8a26dd5b33a26f4c4c18a0f660c016e44de129222e912b28fb14ff239b0823eb62f360c80477ce1659788c42

  • SSDEEP

    49152:p+8EoyPJJFc4sIe7yAsxjTNwquM4e04xvbjATC2z+v2:p6PnFc4szuRHYN4J2zt

Score
10/10
bitratpersistencetrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

dns16-microsoft-health.com:80

Attributes
  • communication_password

    1fb84c2caca11d084aafca61f7284a70

  • install_dir

    Intel

  • install_file

    idrvr32.exe

  • tor_process

    tor

Targets

    • Target

      1bf1d6e8ef16cccf201173d11aafe00e

    • Size

      2.6MB

    • MD5

      1bf1d6e8ef16cccf201173d11aafe00e

    • SHA1

      ff3866b22e80acdf4175a1f496422c4736148bb0

    • SHA256

      f5481cd3d77f9e73b0e1a2425bf32886d2ff78f872a278b3b2dc0b00a35d1e95

    • SHA512

      07455146ba16e66b2b32af996ca51983354dcdcc8a26dd5b33a26f4c4c18a0f660c016e44de129222e912b28fb14ff239b0823eb62f360c80477ce1659788c42

    • SSDEEP

      49152:p+8EoyPJJFc4sIe7yAsxjTNwquM4e04xvbjATC2z+v2:p6PnFc4szuRHYN4J2zt

    Score
    10/10
    bitratpersistencetrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks