General

  • Target

    a33ef1aeacaaab00c46cccf65a06b84f4d89399e53ee8aae9d0e6515a298f678

  • Size

    1.8MB

  • Sample

    240226-1mp5dahd2y

  • MD5

    421f90c576a980bc45f3e35f7781c8b0

  • SHA1

    fd68fb8cef3cea50bab8b8e83fdb2d0f40aeb9b9

  • SHA256

    a33ef1aeacaaab00c46cccf65a06b84f4d89399e53ee8aae9d0e6515a298f678

  • SHA512

    2fdd89cfcddc908503d8c3096040709bd50567e2786c6f1244ed7ec0852dfdda468dad4163adbd7101c1fed4dd0ac50526195adfa9ca5b1ee76f43db4e02d3fc

  • SSDEEP

    49152:vSAI96OhipsQwMinMPosfR39joN+GSvB7mCUMwzI3:6AoisjMBPLp32tSvQ14

Score
10/10

Malware Config

Extracted

  • Family

    bitrat

  • Version

    1.38

  • C2

    dorimebit.duckdns.org:2030

  • Attributes

    • communication_password

      827ccb0eea8a706c4c34a16891f84e7b

    • tor_process

      tor

Targets

    • Target

      COPY0001.exe

    • Size

      300.0MB

    • MD5

      ef077d3465b442673296cee268e2973a

    • SHA1

      438ec36e4cc7cad870740c5e926753f04baa1958

    • SHA256

      f68ccb24ae1039fdfe224fd82d46e2a30e2b082d923c92510162218d453e2cfe

    • SHA512

      e53eaa044e8da60afc25f785953b4272eb684391fee5ee32c8c35946c7324ef5dfd4d4cdd9a6ad71eb7c7717fa2d1f40cead8ae5c7c5273ef3a030fdd60091ed

    • SSDEEP

      49152:YwTaSh6OnQVq2ky+jEnogf1L79QxEGIvbDmCwM4BIdN90L:fTaOsqdy1nzdLOfIvm7

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Detects executables packed with Babel

    • Detects executables packed with Dotfuscator

    • Detects executables packed with Goliath

    • Detects executables packed with SmartAssembly

    • Detects executables packed with dotNetProtector

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

    Tactic                Technique            ID     Count
    Execution             Scheduled Task/Job   T1053  1
    Persistence           Scheduled Task/Job   T1053  1
    Privilege Escalation  Scheduled Task/Job   T1053  1

Tasks