Overview

overview

10

Static

static

10

58c4ea19f2...2e.exe

windows7-x64

10

58c4ea19f2...2e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    58c4ea19f2b1d19a71a9f1159f93433f2356661bd75cfdbf851d34039b05032e

  • Size

    3.8MB

  • Sample

    240229-jf2q6aad61

  • MD5

    b3c385b12b593f84e4f9e05d7f4066dc

  • SHA1

    4c0da33c6c5920c169bc900500404cc3730b0a7c

  • SHA256

    58c4ea19f2b1d19a71a9f1159f93433f2356661bd75cfdbf851d34039b05032e

  • SHA512

    a8915653dbaf7de7d7512bcb9d0e3a78d71b21d475d4359a655ca6ad7b90750e431d43654ac24af5546b3ccf0a6ecd4282486bd9c09436e2cd8e4e3627fd71a3

  • SSDEEP

    98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/vmlwXVZ4FB:5+R/eZADUXR

Score
10/10
bitratpersistencetrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

0.tcp.ngrok.io:19128

Attributes
  • communication_password

    92bfd6a529206b093c6840483e63902a

  • install_dir

    Google

  • install_file

    svchost.exe

  • tor_process

    tor

Targets

    • Target

      58c4ea19f2b1d19a71a9f1159f93433f2356661bd75cfdbf851d34039b05032e

    • Size

      3.8MB

    • MD5

      b3c385b12b593f84e4f9e05d7f4066dc

    • SHA1

      4c0da33c6c5920c169bc900500404cc3730b0a7c

    • SHA256

      58c4ea19f2b1d19a71a9f1159f93433f2356661bd75cfdbf851d34039b05032e

    • SHA512

      a8915653dbaf7de7d7512bcb9d0e3a78d71b21d475d4359a655ca6ad7b90750e431d43654ac24af5546b3ccf0a6ecd4282486bd9c09436e2cd8e4e3627fd71a3

    • SSDEEP

      98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/vmlwXVZ4FB:5+R/eZADUXR

    Score
    10/10
    bitratpersistencetrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks