General

  • Target

    a76da3ab31bd142881d3cc05b3903dba

  • Size

    1.9MB

  • Sample

    240226-1lwkrshc8v

  • MD5

    a76da3ab31bd142881d3cc05b3903dba

  • SHA1

    8b168865e07098254456c4bde49f0892e42ae2b1

  • SHA256

    84c32cb403361a5d8d8117cf941b89c6c819ac453a0e1f411eb5c2952cc35e7c

  • SHA512

    064a326303e24160ef5a27fa4843d98c1df545e5bcd077b25dfd1abd5cb7ee7a142edf4176a16ff0972ebcaada9604cd23ee14c01251c223336260669a010fff

  • SSDEEP

    24576:CjmjQcndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkziEmTxp+x:vQmXDFBU2iIBb0xY/6sUYYRLDIP

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

79.134.225.90:4898

Attributes
  • communication_password

    7fcc5163240be484c36ebae222f656b3

  • tor_process

    tor

Targets

    • Target

      a76da3ab31bd142881d3cc05b3903dba

    • Size

      1.9MB

    • MD5

      a76da3ab31bd142881d3cc05b3903dba

    • SHA1

      8b168865e07098254456c4bde49f0892e42ae2b1

    • SHA256

      84c32cb403361a5d8d8117cf941b89c6c819ac453a0e1f411eb5c2952cc35e7c

    • SHA512

      064a326303e24160ef5a27fa4843d98c1df545e5bcd077b25dfd1abd5cb7ee7a142edf4176a16ff0972ebcaada9604cd23ee14c01251c223336260669a010fff

    • SSDEEP

      24576:CjmjQcndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkziEmTxp+x:vQmXDFBU2iIBb0xY/6sUYYRLDIP

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ that reuses leaked source code from other malware families.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the calling thread from delivering debug events to an attached debugger; a common anti-debugging technique.
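
    The extracted config (C2 79.134.225.90:4898, tor_process "tor") and the anti-debugging signature above can be turned directly into hunting logic. The following is an added example, not code from the sandbox or from the report; the telemetry line format (type=net/proc/api, key=value fields) and the sample events are constructed for illustration, and only the C2 address, the tor_process value and the NtSetInformationThread/ThreadHideFromDebugger behaviour come from the report. The ThreadHideFromDebugger class value 0x11 is the documented THREADINFOCLASS constant.

```python
"""Added example: run the BitRAT config and signatures from the report as
detection rules over constructed host/network telemetry (hypothetical format)."""
from dataclasses import dataclass

# Values taken from the report's "Malware Config" section.
BITRAT_CONFIG = {
    "family": "bitrat",
    "version": "1.38",
    "c2": [("79.134.225.90", 4898)],
    "tor_process": "tor",
}

# THREADINFOCLASS value for ThreadHideFromDebugger. NtSetInformationThread
# with this class detaches the calling thread from the debugger's event stream.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed telemetry lines (not sandbox output): one C2 connection, one
# benign HTTPS connection, a tor.exe spawn, and two NtSetInformationThread calls.
SAMPLE_TELEMETRY = [
    "type=net pid=1337 dst=79.134.225.90 dport=4898 proto=tcp",
    "type=net pid=1337 dst=93.184.216.34 dport=443 proto=tcp",
    "type=proc pid=1400 ppid=1337 image=C:\\Users\\user\\AppData\\Roaming\\tor.exe",
    "type=api pid=1337 name=NtSetInformationThread class=0x11",
    "type=api pid=1337 name=NtSetInformationThread class=0x2",
]


@dataclass
class Alert:
    rule: str
    detail: str


def parse_event(line: str) -> dict:
    """Parse one constructed 'key=value key=value' telemetry line into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())


def basename(path: str) -> str:
    """Return the lowercased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def scan(lines, config=BITRAT_CONFIG):
    """Apply three rules derived from the report to a list of telemetry lines:
    (1) any connection to a configured C2 endpoint,
    (2) any process start whose image name matches the configured tor_process,
    (3) any NtSetInformationThread call using ThreadHideFromDebugger."""
    c2_endpoints = set(config["c2"])
    tor_name = config["tor_process"].lower()
    alerts = []
    for line in lines:
        ev = parse_event(line)
        kind = ev.get("type")
        if kind == "net":
            endpoint = (ev.get("dst"), int(ev.get("dport", 0)))
            if endpoint in c2_endpoints:
                alerts.append(Alert("bitrat_c2",
                                    f"pid {ev['pid']} -> {endpoint[0]}:{endpoint[1]}"))
        elif kind == "proc":
            image = basename(ev.get("image", ""))
            if image in (tor_name, tor_name + ".exe"):
                alerts.append(Alert("tor_process_spawn",
                                    f"pid {ev['pid']} (parent {ev.get('ppid')}) started {ev['image']}"))
        elif kind == "api" and ev.get("name") == "NtSetInformationThread":
            # int(..., 0) accepts the hex form used in the constructed lines.
            if int(ev.get("class", "0"), 0) == THREAD_HIDE_FROM_DEBUGGER:
                alerts.append(Alert("hide_from_debugger",
                                    f"pid {ev['pid']} hid a thread from the debugger"))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_TELEMETRY):
        print(f"[{alert.rule}] {alert.detail}")
```

The C2 rule is the most brittle of the three: BitRAT operators rotate addresses and ports, so treat the IP:port pair as an indicator for this sample rather than a durable detection, and lean on the behavioural rules (an unexpected tor process launched from a user-profile path, ThreadHideFromDebugger from a non-debugger process) for longer-lived coverage.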

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • T1012 Query Registry (1)

  • T1082 System Information Discovery (2)

Tasks