General

  • Target

    b490cb2051120fae80af8e0474f240c0

  • Size

    2.1MB

  • Sample

    240305-nbajbsdd3z

  • MD5

    b490cb2051120fae80af8e0474f240c0

  • SHA1

    86fa25338ff3a67671290f5736e5bee3aaf08f4d

  • SHA256

    870529ce8a6938063220619a4635b6bde6bf9bc18cc735a0157bc4ea24187ac4

  • SHA512

    2e99eedcbcefc2283eee86aff1d6b857da733b2f367a584707ae71fb67d2bd955a908e50f34b779264f914d99bf10db3f8c834dabce567aa3afedbac0ca79ff2

  • SSDEEP

    49152:fx5QnyEOfVjjLKIeVs7scsucYOAlIecXuozwoPER0qKH94HG/x8h:frQnyEyVheVs77sucYOaIeStTPE5KH94

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

con.microgent.ru:6992

Attributes
  • communication_password

    760d1a76fde860fea97ca75974d2a4d1

  • tor_process

    tor

Targets

    • Target

      b490cb2051120fae80af8e0474f240c0

    • Size

      2.1MB

    • MD5

      b490cb2051120fae80af8e0474f240c0

    • SHA1

      86fa25338ff3a67671290f5736e5bee3aaf08f4d

    • SHA256

      870529ce8a6938063220619a4635b6bde6bf9bc18cc735a0157bc4ea24187ac4

    • SHA512

      2e99eedcbcefc2283eee86aff1d6b857da733b2f367a584707ae71fb67d2bd955a908e50f34b779264f914d99bf10db3f8c834dabce567aa3afedbac0ca79ff2

    • SSDEEP

      49152:fx5QnyEOfVjjLKIeVs7scsucYOAlIecXuozwoPER0qKH94HG/x8h:frQnyEyVheVs77sucYOaIeStTPE5KH94

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks