General

  • Target: 601d02a4d4a4e07310e9cdc0b56b9c61
  • Size: 3.8MB
  • Sample: 240116-rtlwvsdahn
  • MD5: 601d02a4d4a4e07310e9cdc0b56b9c61
  • SHA1: 515cba5cb1cce5409aed5d0cbfefceecb081baa2
  • SHA256: adf9700e3661776e271d8ce3e87a90bd51ffd2de5210ee3618c8063f2553fdaf
  • SHA512: b9259a9d07e9eedb655e120509cd6368e27d2241f6045551f6a3a7221dbab0ff152e1a06db810dd53e3371017d628a8efa82791e582b8895df0fa47c99bca3df
  • SSDEEP: 98304:X77Pmq33rE/JDLPWZADUGer7B6iY74M/hmlwXVZ:f+R/eZADUXR

Score
10/10

Malware Config

Extracted

Family: bitrat

Version: 1.38

C2: paintedkitty.duckdns.org:4444

Attributes
  • communication_password: 202cb962ac59075b964b07152d234b70
  • tor_process: tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks