Overview

overview

10

Static

static

1

0x.vbs

windows7-x64

10

0x.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x.png

  • Size

    62KB

  • Sample

    240319-zr32csgb4w

  • MD5

    34d6b90b676cf2fe59153c0c01b59278

  • SHA1

    396c2789cf583c24b047976dc91584aa703c067a

  • SHA256

    acec28de93d3ea0afc8d7101cadc56f07ef03492d1b398769c2d20e358b3b846

  • SHA512

    f20cfcd266b691c70f530b92244dd80eddbd5a5c19d1c08bd6b330ff15217e8fef5ca221adabdc75fc2ac1cb4aae8e729073fe85e13c43a89f5cb56c0310af2f

  • SSDEEP

    1536:y9V9A9J9v9/9U9U9v9U9v9A9m9v9/9U9U9v9U9v:F

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://193.233.132.136/a/a.png

Extracted

Family

bitrat

Version

1.38

C2

193.233.132.136:4404

Attributes
  • communication_password

    93d93f0d629d26b535ee4c950717ab2b

  • tor_process

    tor

Targets

    • Target

      0x.png

    • Size

      62KB

    • MD5

      34d6b90b676cf2fe59153c0c01b59278

    • SHA1

      396c2789cf583c24b047976dc91584aa703c067a

    • SHA256

      acec28de93d3ea0afc8d7101cadc56f07ef03492d1b398769c2d20e358b3b846

    • SHA512

      f20cfcd266b691c70f530b92244dd80eddbd5a5c19d1c08bd6b330ff15217e8fef5ca221adabdc75fc2ac1cb4aae8e729073fe85e13c43a89f5cb56c0310af2f

    • SSDEEP

      1536:y9V9A9J9v9/9U9U9v9U9v9A9m9v9/9U9U9v9U9v:F

    Score
    10/10
    bitrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks