General

  • Target

    dad4c7318b46644d7aa14a336281b2c5

  • Size

    3.4MB

  • Sample

    240321-gczfhscg98

  • MD5

    dad4c7318b46644d7aa14a336281b2c5

  • SHA1

    c0d76328d93a27eeb8b6b321703a889a095f8e18

  • SHA256

    4714811e90e7eb3fa08b27a95639c3bd8a836669749b28f9c0f24361e7ebe6ee

  • SHA512

    f178c5726b45220d8f5cc4ba324dba34733595e849061a3301eaa997acea6e179c4dee77ebb548e9ebae6c366aec09ecdf144729172c8b557a7ef3932fced833

  • SSDEEP

    49152:G8HIQk6JZi5RQxF+XWIzXy8H+OUrm9JQHSPopLWPcZgtI1WARZNaDRlGovw8:GfQDURkIzdZJQ+oRWEZwEWARYGf

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

snkno.duckdns.org:43413

Attributes
  • communication_password

    827ccb0eea8a706c4c34a16891f84e7b

  • tor_process

    tor

Targets

    • Target

      dad4c7318b46644d7aa14a336281b2c5

    • Size

      3.4MB

    • MD5

      dad4c7318b46644d7aa14a336281b2c5

    • SHA1

      c0d76328d93a27eeb8b6b321703a889a095f8e18

    • SHA256

      4714811e90e7eb3fa08b27a95639c3bd8a836669749b28f9c0f24361e7ebe6ee

    • SHA512

      f178c5726b45220d8f5cc4ba324dba34733595e849061a3301eaa997acea6e179c4dee77ebb548e9ebae6c366aec09ecdf144729172c8b557a7ef3932fced833

    • SSDEEP

      49152:G8HIQk6JZi5RQxF+XWIzXy8H+OUrm9JQHSPopLWPcZgtI1WARZNaDRlGovw8:GfQDURkIzdZJQ+oRWEZwEWARYGf

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ that incorporates leaked source code from other malware families.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                       Count  ID
  Execution              Scheduled Task/Job              1      T1053
  Persistence            Scheduled Task/Job              1      T1053
  Privilege Escalation   Scheduled Task/Job              1      T1053
  Discovery              Query Registry                  1      T1012
  Discovery              System Information Discovery    2      T1082

Tasks