bitrat | 4bddc1b65b7a24af3d24bddcd3722811775f3f98a65fbc433c762e1615af28c1 | Triage

Sharing

General

Target

bd291342f9e67e12cfc6ba494b95be43
Size

3.8MB
Sample

240310-af3h1seg32
MD5

bd291342f9e67e12cfc6ba494b95be43
SHA1

477df3d4bc80e5a41ac22fa5fc0b652511e43907
SHA256

4bddc1b65b7a24af3d24bddcd3722811775f3f98a65fbc433c762e1615af28c1
SHA512

112a93d5dbde66ff17c601c72e7aeabd5bb54f506cda5173d3d6e2213b4c52fd53ff8ca4706440a457dedae40028bec1e664e343049e9930dc1c91f344f9760d
SSDEEP

98304:877Pmq33rE/JDLPWZADUGer7B6iY74M/zmlwXVZaFB:K+R/eZADUXR

Score

10^/10

bitrat persistence

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

89.248.173.187:5506

Attributes

communication_password
fcea920f7412b5da7be0cf42b8c93759
install_dir
sazpclv
install_file
wmzr.exe
tor_process
tor

Targets

- Target
  
  bd291342f9e67e12cfc6ba494b95be43
- Size
  
  3.8MB
- MD5
  
  bd291342f9e67e12cfc6ba494b95be43
- SHA1
  
  477df3d4bc80e5a41ac22fa5fc0b652511e43907
- SHA256
  
  4bddc1b65b7a24af3d24bddcd3722811775f3f98a65fbc433c762e1615af28c1
- SHA512
  
  112a93d5dbde66ff17c601c72e7aeabd5bb54f506cda5173d3d6e2213b4c52fd53ff8ca4706440a457dedae40028bec1e664e343049e9930dc1c91f344f9760d
- SSDEEP
  
  98304:877Pmq33rE/JDLPWZADUGer7B6iY74M/zmlwXVZaFB:K+R/eZADUXR
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2