bitpaymer | bbace4f48807035a5e868ae924426893f29edafce1a0b2feb51d278e7e2dd9d2 | Triage

Submit
Reports

Overview

overview

Static

static

3

bbace4f488...d2.exe

windows7-x64

bbace4f488...d2.exe

windows10-2004-x64

Sharing

General

Target

bbace4f48807035a5e868ae924426893f29edafce1a0b2feb51d278e7e2dd9d2
Size

272KB
Sample

240101-q6l7qaefa7
MD5

34441b7389336a401f4a9acb79172e40
SHA1

fcd96cd18b8ca9d33e50c3cfd3d1b9e2441acbdf
SHA256

bbace4f48807035a5e868ae924426893f29edafce1a0b2feb51d278e7e2dd9d2
SHA512

044e2c2f53d8dc3594a1f949a9ae4f2d4709ecf22204627a9aa82f4da152381059c36db5c44ceba290b65d11d6beb2ef5c127879ca5e27a9fb8dc08bd8128661
SSDEEP

3072:CQqE6DDDf22bL7bCJ+2TmOJjvodM3lW0uEcScV9d/2UCMKM:HqE6/DjnChTfJjvodIW0uEcScV9d/2p

Score

10^/10

bitpaymer backdoor discovery evasion exploit persistence ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bbace4f48807035a5e868ae924426893f29edafce1a0b2feb51d278e7e2dd9d2.exe

Resource

win7-20231215-en

bitpaymer backdoor evasion persistence ransomware trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

bbace4f48807035a5e868ae924426893f29edafce1a0b2feb51d278e7e2dd9d2.exe

Resource

win10v2004-20231215-en

bitpaymer backdoor discovery evasion exploit persistence ransomware trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  bbace4f48807035a5e868ae924426893f29edafce1a0b2feb51d278e7e2dd9d2
- Size
  
  272KB
- MD5
  
  34441b7389336a401f4a9acb79172e40
- SHA1
  
  fcd96cd18b8ca9d33e50c3cfd3d1b9e2441acbdf
- SHA256
  
  bbace4f48807035a5e868ae924426893f29edafce1a0b2feb51d278e7e2dd9d2
- SHA512
  
  044e2c2f53d8dc3594a1f949a9ae4f2d4709ecf22204627a9aa82f4da152381059c36db5c44ceba290b65d11d6beb2ef5c127879ca5e27a9fb8dc08bd8128661
- SSDEEP
  
  3072:CQqE6DDDf22bL7bCJ+2TmOJjvodM3lW0uEcScV9d/2UCMKM:HqE6/DjnChTfJjvodIW0uEcScV9d/2p
Score

10^/10

bitpaymer backdoor evasion persistence ransomware trojan discovery exploit
- BitPaymer
  Bitpaymer is a Trojan horse that encrypts files on a computer.
  ransomware backdoor bitpaymer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (7800) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Possible privilege escalation attempt
  exploit
- Sets service image path in registry
  persistence
- Windows Defender anti-emulation file check
  Defender's emulator always creates certain fake files which can be used to detect it.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

File and Directory Permissions Modification

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bitpaymerbackdoorevasionpersistenceransomwaretrojan

behavioral2

bitpaymerbackdoordiscoveryevasionexploitpersistenceransomwaretrojan

© 2018-2024

Terms | Privacy