Overview

overview

10

Static

static

1

mark.exe

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mark.exe

  • Size

    4.0MB

  • Sample

    240117-kesbrsbgel

  • MD5

    f81daa62b8a7faba9b529b0c87d3caa2

  • SHA1

    0df66176605d810ccb12644e3c94c2de703ce1d5

  • SHA256

    ca90a2014f3fcf373516b62575649dfa84005a5bba929be80732076a72e5b249

  • SHA512

    065e4f88cdb4a16390475ed49c86046208e8db01313e34b09cc4965234f92ac371488a65a57c06ea27802aea9c75a4afdf59724e193e2c2a218128e43f054be0

  • SSDEEP

    49152:0yX+ajZM0IE8omYWh5gu/8qaR2ihf6TI76DPPjhVTZW3bGnWjZ5wVg76Dcj741a0:0yXDdIE2YcGuUfRPhfoHTYeQOVgua0

Score
10/10
bitratredlineinfostealertrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

serese.duckdns.org:20612

Attributes
  • communication_password

    81dc9bdb52d04dc20036dbd8313ed055

  • tor_process

    tor

Targets

    • Target

      mark.exe

    • Size

      4.0MB

    • MD5

      f81daa62b8a7faba9b529b0c87d3caa2

    • SHA1

      0df66176605d810ccb12644e3c94c2de703ce1d5

    • SHA256

      ca90a2014f3fcf373516b62575649dfa84005a5bba929be80732076a72e5b249

    • SHA512

      065e4f88cdb4a16390475ed49c86046208e8db01313e34b09cc4965234f92ac371488a65a57c06ea27802aea9c75a4afdf59724e193e2c2a218128e43f054be0

    • SSDEEP

      49152:0yX+ajZM0IE8omYWh5gu/8qaR2ihf6TI76DPPjhVTZW3bGnWjZ5wVg76Dcj741a0:0yXDdIE2YcGuUfRPhfoHTYeQOVgua0

    Score
    10/10
    bitratredlineinfostealertrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks