General

  • Target

    81a157edc604cc6673fa3db1195880155f18fcbd7233e713c022279b0a355991

  • Size

    3.8MB

  • Sample

    240229-mpfrtsec6t

  • MD5

    ff2accf0c6c1124fa66cb199e9f62a88

  • SHA1

    92d36cda33a2234eb668fd8f964a6e92606ac8c3

  • SHA256

    81a157edc604cc6673fa3db1195880155f18fcbd7233e713c022279b0a355991

  • SHA512

    5414339ea996f4b090eb6b9c187357aef8271b21ea08b90ed7453e50cd4108a1a895fe9cc682775d4c563e69e22854134fba0cee9247f994ab30034e4ca53cd5

  • SSDEEP

    98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/bmlwXVZ4FBS:5+R/eZADUXRM

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

encrypted-channel.duckdns.org:443

Attributes
  • communication_password

    fe2d38267c9396132e3c55d49af5b3f2

  • tor_process

    tor
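
The extracted config above is what a responder actually works from: the C2 host and port, the sample hashes, and the process name BitRAT uses for its Tor module. As an added example that is not part of the sandbox report and not BitRAT's or the sandbox's own code, the script below turns those values into an IOC set and runs it over a few constructed log lines (a DNS query log, a connection log and a process-creation log in a simple key=value shape, all made up for this example). Two caveats a practitioner should want are built in: only the exact C2 host (or a subdomain of it) is matched, never the public duckdns.org parent zone, which would swamp the alert with unrelated dynamic-DNS users; and a process simply named `tor` is reported as a weak signal, because a legitimate Tor install looks the same. The `communication_password` value is deliberately not used as a network indicator, as it is a config constant rather than something that appears on the wire.

```python
"""Turn the BitRAT 1.38 config extracted above into IOCs and scan sample logs.

Added example. The config values and hashes are copied from the report; the log
lines and their key=value format are constructed for this example only.
"""
import re

# Copied from the "Malware Config" section of the report.
BITRAT_CONFIG = {
    "family": "bitrat",
    "version": "1.38",
    "c2": ["encrypted-channel.duckdns.org:443"],
    "communication_password": "fe2d38267c9396132e3c55d49af5b3f2",
    "tor_process": "tor",
}

# Copied from the "General" section of the report.
SAMPLE_HASHES = {
    "md5": "ff2accf0c6c1124fa66cb199e9f62a88",
    "sha1": "92d36cda33a2234eb668fd8f964a6e92606ac8c3",
    "sha256": "81a157edc604cc6673fa3db1195880155f18fcbd7233e713c022279b0a355991",
}

# Constructed sample events: "<timestamp> <kind> key=value ...". Line 5 carries the
# sample's SHA-256; line 6 is a Tor binary with a made-up (non-matching) hash.
SAMPLE_LOG = [
    '2024-02-29T10:01:02Z dns host=WS01 qname=encrypted-channel.duckdns.org qtype=A',
    '2024-02-29T10:01:02Z dns host=WS01 qname=updates.example.com qtype=A',
    '2024-02-29T10:01:03Z conn src=10.0.0.5 dst_host=encrypted-channel.duckdns.org dst_port=443 proto=tcp',
    '2024-02-29T10:01:03Z conn src=10.0.0.5 dst_host=other.duckdns.org dst_port=443 proto=tcp',
    '2024-02-29T10:01:05Z proc host=WS01 image="C:\\Users\\bob\\AppData\\Roaming\\svchost.exe" '
    'sha256=81a157edc604cc6673fa3db1195880155f18fcbd7233e713c022279b0a355991',
    '2024-02-29T10:01:07Z proc host=WS01 image="C:\\Users\\bob\\AppData\\Roaming\\tor.exe" '
    'sha256=' + "0" * 64,
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def split_c2(entry):
    """'host:port' -> (host, port); host lower-cased, port must be numeric."""
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    return host.lower(), int(port)


def build_iocs(config, hashes):
    """Collect network and host indicators from the extracted config and hashes."""
    endpoints = {split_c2(c) for c in config["c2"]}
    return {
        "hosts": {h for h, _ in endpoints},
        "endpoints": endpoints,
        "hashes": {v.lower() for v in hashes.values()},
        "process": config["tor_process"].lower(),
    }


def host_matches(qname, hosts):
    """True for the C2 host itself or any subdomain of it.

    The parent zone (duckdns.org) is a public dynamic-DNS provider shared by
    countless unrelated users, so it is intentionally never matched on its own.
    """
    q = qname.lower().rstrip(".")
    return any(q == h or q.endswith("." + h) for h in hosts)


def parse_event(line):
    """Split '<ts> <kind> k=v k=v ...' into a dict; quoted values keep spaces."""
    ts, kind, rest = line.split(" ", 2)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    return {"ts": ts, "kind": kind, **fields}


def scan(lines, iocs):
    """Return (line_no, kind, reason) for every event matching an IOC."""
    hits = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        if ev["kind"] == "dns" and host_matches(ev.get("qname", ""), iocs["hosts"]):
            hits.append((n, "dns", f"query for C2 host {ev['qname']}"))
        elif ev["kind"] == "conn":
            ep = (ev.get("dst_host", "").lower(), int(ev.get("dst_port", 0)))
            if ep in iocs["endpoints"]:
                hits.append((n, "conn", f"connection to C2 {ep[0]}:{ep[1]}"))
            elif host_matches(ep[0], iocs["hosts"]):
                hits.append((n, "conn", f"C2 host {ep[0]} on unexpected port {ep[1]}"))
        elif ev["kind"] == "proc":
            for algo in ("md5", "sha1", "sha256"):
                if ev.get(algo, "").lower() in iocs["hashes"]:
                    hits.append((n, "proc", f"{algo} matches the analysed sample"))
            # Basename without extension; Windows paths in the log use backslashes.
            image = ev.get("image", "").lower().replace("\\", "/").rsplit("/", 1)[-1]
            if image.rsplit(".", 1)[0] == iocs["process"]:
                hits.append((n, "proc", "tor process started (weak signal on its own)"))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, build_iocs(BITRAT_CONFIG, SAMPLE_HASHES)):
        print(hit)
```

Run against the constructed log this flags lines 1, 3, 5 and 6 and stays silent on `other.duckdns.org`; swap `SAMPLE_LOG` for real DNS, proxy and Sysmon-style records in the same key=value shape to reuse the matcher.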

Targets

    • Target

      81a157edc604cc6673fa3db1195880155f18fcbd7233e713c022279b0a355991

    • Size

      3.8MB

    • MD5

      ff2accf0c6c1124fa66cb199e9f62a88

    • SHA1

      92d36cda33a2234eb668fd8f964a6e92606ac8c3

    • SHA256

      81a157edc604cc6673fa3db1195880155f18fcbd7233e713c022279b0a355991

    • SHA512

      5414339ea996f4b090eb6b9c187357aef8271b21ea08b90ed7453e50cd4108a1a895fe9cc682775d4c563e69e22854134fba0cee9247f994ab30034e4ca53cd5

    • SSDEEP

      98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/bmlwXVZ4FBS:5+R/eZADUXRM

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ that reuses leaked source code from other malware families.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the kernel from delivering that thread's debug events to an attached debugger. This is an anti-analysis technique with no normal use in application code, so its presence is a strong sign the sample is trying to evade debugging.
