General

  • Target

    153d30da5eef5ea34320ab8fa84f8e36.unknown

  • Size

    2.2MB

  • Sample

    231231-p4ffqaceel

  • MD5

    153d30da5eef5ea34320ab8fa84f8e36

  • SHA1

    b6da92b11b5e731d4473897354912071421e148c

  • SHA256

    b2e774fd1548ac75106578a7ebaf7c47105dcbf5aa187cd12b69da4195d75ef2

  • SHA512

    32a83c90075561132c57b8c226410e79add2d5e19fb96caf1ff1343d4b4203e00662597bcb0596bc30fbc0f5c874c4f2fa81de878fb8fc7275f1cb949791465b

  • SSDEEP

    49152:ejr8QuQLqpb0/udMUNPlam4t1Uyru4YNsbN:enhuQWb0/uWUNPlL4t1dNYUN

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

eewe.ddns.net:2880

Attributes

  • communication_password

    b18aba2f7c3bf981f4caba4a41e6b205

  • tor_process

    tor

Targets

    • Target

      SI-003940.exe

    • Size

      1.7MB

    • MD5

      bdcdb05af6a2ac95bb13857ab6b6debc

    • SHA1

      93999f28d1c8391d60830be5202233b63db93301

    • SHA256

      09df08b715bf11a0bc6cb5cdc5cd724927ba6c6a18ca2896f153d9b424196767

    • SHA512

      7a25c9768a0181bf3000c56d8f739a1835aa9114761a20e7d8ed21318467556acc26e183e832b907122fe2f2c32ab1750ccb3d016a2abead43955ad7050f73e5

    • SSDEEP

      49152:7jr8QuQLqpb0/udMUNPlam4t1Uyru4YNsbN:7nhuQWb0/uWUNPlL4t1dNYUN

    Score
    10/10

    Signatures

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
