Overview

overview

10

Static

static

10

7538dd6e69...18.msi

windows7-x64

7

7538dd6e69...18.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7538dd6e69d0c65d2dc0eb091c3ced18

  • Size

    3.8MB

  • Sample

    240125-w9lm9adgdp

  • MD5

    7538dd6e69d0c65d2dc0eb091c3ced18

  • SHA1

    9d91e4cc3c59c258ae2655119692c13c899d68d2

  • SHA256

    142a30f9ba3c2e1efbdf15241721da3b20d7b6436761d3eaafdcc095dc681fc4

  • SHA512

    935aed41fbc1bb42cdc4b2c10fd306286642428c017248a71297d7674439415a410464a75b0529eec4b7a98f052408afcde24a501f6970fa405d642aafadb6c6

  • SSDEEP

    98304:D77Pmq33rE/JDLPWZADUGer7B6iY74M/mmlwXVZaFB:L+R/eZADUXR

Score
10/10
bitrattrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

79.134.225.73:19099

Attributes
  • communication_password

    411f9a6dd54344976e951469585a6963

  • tor_process

    tor

Targets

    • Target

      7538dd6e69d0c65d2dc0eb091c3ced18

    • Size

      3.8MB

    • MD5

      7538dd6e69d0c65d2dc0eb091c3ced18

    • SHA1

      9d91e4cc3c59c258ae2655119692c13c899d68d2

    • SHA256

      142a30f9ba3c2e1efbdf15241721da3b20d7b6436761d3eaafdcc095dc681fc4

    • SHA512

      935aed41fbc1bb42cdc4b2c10fd306286642428c017248a71297d7674439415a410464a75b0529eec4b7a98f052408afcde24a501f6970fa405d642aafadb6c6

    • SSDEEP

      98304:D77Pmq33rE/JDLPWZADUGer7B6iY74M/mmlwXVZaFB:L+R/eZADUXR

    Score
    10/10
    bitrattrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks