Overview

overview

10

Static

static

3

2ab11c37b8...63.exe

windows7-x64

10

2ab11c37b8...63.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2ab11c37b84f87c8f05bbd7997648e63

  • Size

    1.7MB

  • Sample

    231231-gj25zsbef5

  • MD5

    2ab11c37b84f87c8f05bbd7997648e63

  • SHA1

    317b103a0b4cb143a1e26a46f15c550850f46645

  • SHA256

    29dd2b13f081a0c7f8312c4b4c433ccdcc3b3a83b91a16a88393370dda44f60b

  • SHA512

    782ba79e5f521968cc596c091e29a1d9d55c4a91488bbcfb1eb463850a405d9e3ebc09da08c5002c415a68f30f19e3654ccdf23274f4f9b004a254da25d41d02

  • SSDEEP

    49152:vS4/sAt6LKa0qrxt0fHuv4B9ZKOZLNk+ZgXFebV:Hrqroi6ZjLmwbV

Score
10/10
bitratzgratrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

eter102.dvrlists.com:3050

Attributes
  • communication_password

    fea0f7015af40ae69a386f06f28a8d31

  • tor_process

    tor

Targets

    • Target

      2ab11c37b84f87c8f05bbd7997648e63

    • Size

      1.7MB

    • MD5

      2ab11c37b84f87c8f05bbd7997648e63

    • SHA1

      317b103a0b4cb143a1e26a46f15c550850f46645

    • SHA256

      29dd2b13f081a0c7f8312c4b4c433ccdcc3b3a83b91a16a88393370dda44f60b

    • SHA512

      782ba79e5f521968cc596c091e29a1d9d55c4a91488bbcfb1eb463850a405d9e3ebc09da08c5002c415a68f30f19e3654ccdf23274f4f9b004a254da25d41d02

    • SSDEEP

      49152:vS4/sAt6LKa0qrxt0fHuv4B9ZKOZLNk+ZgXFebV:Hrqroi6ZjLmwbV

    Score
    10/10
    bitratzgratrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks