General

  • Target

    4016119ba57601bc543f501c4527d1a5

  • Size

    2.2MB

  • Sample

    240104-gs9lesceh3

  • MD5

    4016119ba57601bc543f501c4527d1a5

  • SHA1

    8a100cc045ffba3b26da65854693dbf16bd1c2e8

  • SHA256

    6d24e6ecd6bf6ffd18a68f7c778948f91a7246b1d6f5edfd37c35906a0560993

  • SHA512

    d51eec651c5135aee209259d7abd72d75c497777a87339087e71c1ddea571eab04cb667c7cd9f10eb74ae567adcfc37929ebe91f92452fece464daaa7b30aab1

  • SSDEEP

    49152:aaN8XyxfaWcko3MfUJtCqVphOqlpWy3aEoBOvHubP9vZqJCSxCyULta+sCcqUB7E:B8XyxfaWKM8fgqlpnEO2Zcwny5Lqk7CK

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

firewall.publicvm.com:25874

Attributes
  • communication_password

    a20ba4fb329f7dc66c0dd3562e9f9984

  • tor_process

    tor
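
The extracted config gives two network indicators worth hunting for: the C2 hostname firewall.publicvm.com and TCP port 25874. Because the hostname looks like a dynamic-DNS name, its address can change between runs, so a detection should follow the DNS answer rather than a pinned IP. The script below is an added example (not part of the sandbox report or of any vendor tooling): it correlates constructed, Zeek-style DNS and connection log lines with the C2 indicators, rates each matching connection by whether its destination was resolved from the C2 hostname, and checks an arbitrary blob against the report's MD5/SHA1/SHA256 values. The log layout, the client IPs and the resolved addresses are assumptions made up for the example.

```python
import hashlib

# Indicators copied from the report above.
C2_HOST = "firewall.publicvm.com"
C2_PORT = 25874
REPORT_HASHES = {
    "md5": "4016119ba57601bc543f501c4527d1a5",
    "sha1": "8a100cc045ffba3b26da65854693dbf16bd1c2e8",
    "sha256": "6d24e6ecd6bf6ffd18a68f7c778948f91a7246b1d6f5edfd37c35906a0560993",
}

# Constructed log lines for the example (not traffic from the sandbox run).
# Assumed tab-separated layout: dns:  ts, client, query, answer
#                               conn: ts, src, dst, dst_port
DNS_LOG = """\
1704364800.1\t10.0.0.5\tfirewall.publicvm.com\t203.0.113.45
1704364801.2\t10.0.0.7\tupdate.example.com\t198.51.100.9
1704364802.3\t10.0.0.5\tFIREWALL.PUBLICVM.COM.\t203.0.113.45
"""
CONN_LOG = """\
1704364803.0\t10.0.0.5\t203.0.113.45\t25874
1704364804.0\t10.0.0.7\t198.51.100.9\t443
1704364805.0\t10.0.0.9\t192.0.2.77\t25874
1704364806.0\t10.0.0.5\t203.0.113.45\t80
"""


def normalize_host(name):
    """Lower-case and strip the trailing dot so 'HOST.' and 'host' compare equal."""
    return name.strip().rstrip(".").lower()


def dns_hits(log):
    """Return (ts, client, answer_ip) for every lookup of the C2 hostname."""
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, query, answer = line.split("\t")
        if normalize_host(query) == C2_HOST:
            hits.append((ts, client, answer))
    return hits


def conn_hits(log, c2_ips):
    """Return connections to the C2 port as (ts, src, dst, confidence).
    'high' when the destination was resolved from the C2 hostname,
    'low' when only the port matches (port reuse by benign traffic is possible)."""
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split("\t")
        if int(port) != C2_PORT:
            continue
        confidence = "high" if dst in c2_ips else "low"
        hits.append((ts, src, dst, confidence))
    return hits


def triage(dns_log, conn_log):
    """Correlate DNS answers with connections so the alert follows the hostname,
    not a pinned IP, which matters for a dynamic-DNS C2."""
    dns = dns_hits(dns_log)
    c2_ips = {ip for _, _, ip in dns}
    return {"dns": dns, "c2_ips": sorted(c2_ips), "conn": conn_hits(conn_log, c2_ips)}


def hash_matches(data):
    """Which of the report's hashes a blob matches; all False unless it is the sample."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in REPORT_HASHES.items()}


if __name__ == "__main__":
    result = triage(DNS_LOG, CONN_LOG)
    for ts, src, dst, conf in result["conn"]:
        print(f"{ts} {src} -> {dst}:{C2_PORT} confidence={conf}")
    print(hash_matches(b"not the sample"))
```

The two-tier confidence is deliberate: a connection to port 25874 alone is weak evidence, but a connection to an address that a host had just resolved from firewall.publicvm.com is strong evidence, so the DNS correlation is what turns the port into a usable alert. The communication_password attribute is not a network indicator; it is a 32-hex-character value that BitRAT uses to authenticate to its C2 and is useful mainly for clustering samples from the same operator.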

Targets

    • Target

      4016119ba57601bc543f501c4527d1a5

    • BitRAT

      BitRAT is a remote access trojan written in C++ that reuses leaked source code from other malware families.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from reporting debug events to an attached debugger, a common anti-analysis technique.

    • Suspicious use of SetThreadContext

      SetThreadContext on a (typically suspended) thread of another process redirects its instruction pointer into injected code, a step characteristic of process injection and hollowing.

MITRE ATT&CK Enterprise v15

Tasks