Overview

overview

10

Static

static

10

0568f1eff0...fd.exe

windows7-x64

10

0568f1eff0...fd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0568f1eff0b3da74fd0f2ee51f6d12003c2471d05e547d5b7fb8d8a075d94cfd

  • Size

    3.8MB

  • Sample

    240229-lzmgpadd3z

  • MD5

    d1644422f803c81a6125aeb367ae7feb

  • SHA1

    ca59a64e8390d02331b273adc39ad19ef3149aa6

  • SHA256

    0568f1eff0b3da74fd0f2ee51f6d12003c2471d05e547d5b7fb8d8a075d94cfd

  • SHA512

    52732163630ec168ca31f67463ba818fbbbbc779a5d8a61af545fa25fd459086bdfe6686bf716660e9be90b8569b4ae67757feeff1000e245ab53998644d6dbd

  • SSDEEP

    98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/5mlwXVZ4FB:5+R/eZADUXR

Score
10/10
bitrattrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

stellacy.duckdns.org:12321

Attributes
  • communication_password

    3d150bce7883ebb1bfb333f9f184c11e

  • tor_process

    tor

Targets

    • Target

      0568f1eff0b3da74fd0f2ee51f6d12003c2471d05e547d5b7fb8d8a075d94cfd

    • Size

      3.8MB

    • MD5

      d1644422f803c81a6125aeb367ae7feb

    • SHA1

      ca59a64e8390d02331b273adc39ad19ef3149aa6

    • SHA256

      0568f1eff0b3da74fd0f2ee51f6d12003c2471d05e547d5b7fb8d8a075d94cfd

    • SHA512

      52732163630ec168ca31f67463ba818fbbbbc779a5d8a61af545fa25fd459086bdfe6686bf716660e9be90b8569b4ae67757feeff1000e245ab53998644d6dbd

    • SSDEEP

      98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/5mlwXVZ4FB:5+R/eZADUXR

    Score
    10/10
    bitrattrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks