Overview

overview

10

Static

static

3

Shell.exe

windows7-x64

10

Shell.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Shell.7z

  • Size

    1.6MB

  • Sample

    240109-vrdn9agaa6

  • MD5

    3d6f27af465677a62e2f72aee7e2c0f6

  • SHA1

    234cb4f1333a53129ce8d58f4f37aefbf1f6d6df

  • SHA256

    656399e157ed4116fd056b5e4889c25773d62c4862ccdf9646a3c27884d01576

  • SHA512

    8338e2930f3e52fb8996b9ed7c30b27a665c2fb57c973da87effdb711724c3ab5b40f4ee60a849c1910d2fe1cd05b69327db0814aff7399e3a3546dc0751e169

  • SSDEEP

    24576:YJeRO3VZAScexWdmv+eOel2gfc67JO7DaMwVYEyHyIa7x2qtfJrPPcArPiCVw7P6:YbKSadKAcE46q1yHyISPPcGVw7P6

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

doctorsbit.duckdns.org:4012

Attributes
  • communication_password

    827ccb0eea8a706c4c34a16891f84e7b

  • tor_process

    tor

Targets

    • Target

      Shell.exe

    • Size

      300.0MB

    • MD5

      ee792a047fb2febbdadee7d476c96fc8

    • SHA1

      ae71082d2321633e466489d37f29bfcec0913c8f

    • SHA256

      d7d98d8f0c584f85bf88ba9d1b309cd92bdc35f2786decf7ee8adae1d5904f61

    • SHA512

      6be6d06d64b949332f53f6411fd865a1c2832f57fdcce47e2afe1f8c78fa20fc248d3c950ee976a42969c590087fc64d7c2ebcc1d644eb40bc8948a7efcc6f28

    • SSDEEP

      49152:WCbXXLwkHUqmLMe6TOh3ElWQKBUDwIx2Sfr5jIiMjt2:WmrwkH2Me6KmWQKBddSH

    Score
    10/10
    bitrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks