Overview

overview

10

Static

static

10

stub.exe

windows7-x64

10

stub.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    stub.exe

  • Size

    3.8MB

  • Sample

    240128-p9re6sbcc8

  • MD5

    a0434d86f8c012b2eece341050dbed2e

  • SHA1

    7195898ca715046a8caf395ae6fc59641f9c6393

  • SHA256

    80034e8aa5b125cead7ee91b58c15a6342ae854590f0666c45254e2440110122

  • SHA512

    1cf8277b402670b49ab1608462be692ac614b61925de22b8d6b8c877215dd4938e2fc7fa8e2ee8b37ce2955a9bd6b85bdd2f1d1e33df508c42232ff63a69347a

  • SSDEEP

    98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/pmlwXVZ4FB:5+R/eZADUXR

Score
10/10
bitratpersistencetrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

103.153.182.89:1234

Attributes
  • communication_password

    81dc9bdb52d04dc20036dbd8313ed055

  • install_dir

    Install path

  • install_file

    Install name

  • tor_process

    tor

Targets

    • Target

      stub.exe

    • Size

      3.8MB

    • MD5

      a0434d86f8c012b2eece341050dbed2e

    • SHA1

      7195898ca715046a8caf395ae6fc59641f9c6393

    • SHA256

      80034e8aa5b125cead7ee91b58c15a6342ae854590f0666c45254e2440110122

    • SHA512

      1cf8277b402670b49ab1608462be692ac614b61925de22b8d6b8c877215dd4938e2fc7fa8e2ee8b37ce2955a9bd6b85bdd2f1d1e33df508c42232ff63a69347a

    • SSDEEP

      98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/pmlwXVZ4FB:5+R/eZADUXR

    Score
    10/10
    bitratpersistencetrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks