General

  • Target

    4ADCF3B25FC1E5194ED8610591036F12.exe

  • Size

    10KB

  • Sample

    240309-v6jttade93

  • MD5

    4adcf3b25fc1e5194ed8610591036f12

  • SHA1

    23c738342205fecc7d8f5c7316a861f07b0e4922

  • SHA256

    518e36189de0efd524a3d91bf2683b9d676e3638d8d81d8e37797eca863815dc

  • SHA512

    5d5c8db777b87249c34615a7c316f0b40fb4d0c535e4554e19d5e45972d0c7719de0f4ab893736cf60e7c87c06ce62e28025c1ceb3aeb69da7e3dd777ae74e3b

  • SSDEEP

    192:r+BmQx19wX6KpozKteihCilpDvUYTLpFeGKzwHV5:rM3COmQiUilRNTLreYV

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

carreor.ddns.net:53525

Attributes
  • communication_password

    d97250ddf14876971dd138aba1919877

  • tor_process

    tor

Targets

    • Target

      4ADCF3B25FC1E5194ED8610591036F12.exe

    • Size

      10KB

    • MD5

      4adcf3b25fc1e5194ed8610591036f12

    • SHA1

      23c738342205fecc7d8f5c7316a861f07b0e4922

    • SHA256

      518e36189de0efd524a3d91bf2683b9d676e3638d8d81d8e37797eca863815dc

    • SHA512

      5d5c8db777b87249c34615a7c316f0b40fb4d0c535e4554e19d5e45972d0c7719de0f4ab893736cf60e7c87c06ce62e28025c1ceb3aeb69da7e3dd777ae74e3b

    • SSDEEP

      192:r+BmQx19wX6KpozKteihCilpDvUYTLpFeGKzwHV5:rM3COmQiUilRNTLreYV

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks