bitrat | 48c51dddfa0bca653fe6adc5c0508fe9ffdd38f297599027d1664e4a79ebff8a | Triage

Sharing

General

Target

71eb4c27855079bd19866cba9ef2c5f1
Size

3.8MB
Sample

240124-lw7nfsfdcr
MD5

71eb4c27855079bd19866cba9ef2c5f1
SHA1

ba7f626452323d85f20fb796b6e6d435a979e9ec
SHA256

48c51dddfa0bca653fe6adc5c0508fe9ffdd38f297599027d1664e4a79ebff8a
SHA512

ddbda8e486e0db5143160037e906a76c34bb891194e2671f21ff4d82b1a5d14c81ded7a5dc3336e726e80e384e1948a0b79a5243a753dfac8c8cad5f465a1d5f
SSDEEP

49152:gXUIEeZzdeh/c7p1rNdd+JNEj0ykdj21x1YhFlX4bA/Hg/11VzeLG/7wqNKB2VIN:gXrEeZzdhjuV/gd1VzsGUqNKTHvQejR

Score

10^/10

bitrat persistence

Malware Config

Extracted

Family

bitrat

Version

1.35

C2

hureseyd.top:443

Attributes

communication_password
25d55ad283aa400af464c76d713c07ad
install_dir
Microsoft Defender Updates
install_file
msdefender.exe
tor_process
tor

Targets

- Target
  
  71eb4c27855079bd19866cba9ef2c5f1
- Size
  
  3.8MB
- MD5
  
  71eb4c27855079bd19866cba9ef2c5f1
- SHA1
  
  ba7f626452323d85f20fb796b6e6d435a979e9ec
- SHA256
  
  48c51dddfa0bca653fe6adc5c0508fe9ffdd38f297599027d1664e4a79ebff8a
- SHA512
  
  ddbda8e486e0db5143160037e906a76c34bb891194e2671f21ff4d82b1a5d14c81ded7a5dc3336e726e80e384e1948a0b79a5243a753dfac8c8cad5f465a1d5f
- SSDEEP
  
  49152:gXUIEeZzdeh/c7p1rNdd+JNEj0ykdj21x1YhFlX4bA/Hg/11VzeLG/7wqNKB2VIN:gXrEeZzdhjuV/gd1VzsGUqNKTHvQejR
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2