General

  • Target

    42af7513c4f90b903faea61ef6f3730e

  • Size

    2.3MB

  • Sample

    240105-efcd2saec5

  • MD5

    42af7513c4f90b903faea61ef6f3730e

  • SHA1

    362f7f224e6a44efbd8111b73d3957ccbc8b6ad2

  • SHA256

    e04b61d1ca799559e8e22b4df62e49c134934fad3e9efe55d7336d171e4009d7

  • SHA512

    61e8827003371e6baee9ed6bdd30838314216358c8f9687e058f9ebe6f7a533af2858277dbf912d2a27f1aa9d106300e4267cf2a95a35bd21a233c9c5126c6bb

  • SSDEEP

    49152:ZTrFrY0PuAPqmxJic7p24NLfweBFBz2fKwz/KqKW:Z3lZuAPqmxJJ784NLourkrzCB

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

185.157.160.147:1975

Attributes
  • communication_password

    f49a6667c09a9e329afb64bc0a18a188

  • tor_process

    tor

Targets

    • Target

      42af7513c4f90b903faea61ef6f3730e

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
