General

  • Target

    d0f8c7eda9a5e772e3be9c3b67f43e35

  • Size

    4.0MB

  • Sample

    240317-qmnansfc35

  • MD5

    d0f8c7eda9a5e772e3be9c3b67f43e35

  • SHA1

    d73903af0fa940d67c123eb6e6722325e656c9c0

  • SHA256

    29f877de694aa77ca19d69ce15720a139b75f201761df81c70b64354290c87c2

  • SHA512

    d80dcfd2bb53674dca019cba0bed0894030da893d492baa38392ead742adc86e3722a0b0c490352ea263d01d8a8e02a0ed71cda183d3abecdeaca54feb380597

  • SSDEEP

    98304:uVXHrDqvnhfHh5Evm6KdlS522XiFC7o3vUzGJ:WXUhfnmmfz2J7Y

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

8.208.27.150:4550

Attributes
  • communication_password

    9996535e07258a7bbfd8b132435c5962

  • tor_process

    tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scripting (T1064): 1

  • Scheduled Task/Job (T1053): 1

Persistence

  • Scheduled Task/Job (T1053): 1

Privilege Escalation

  • Scheduled Task/Job (T1053): 1

Defense Evasion

  • Scripting (T1064): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks