Resubmissions

09-04-2024 13:11

240409-qe3emafg95 10

09-04-2024 13:11

240409-qe2s4afg94 10

09-04-2024 13:10

240409-qegg6aba8y 10

09-04-2024 13:10

240409-qefwmafg75 10

10-07-2021 10:36

210710-89hyhpsaw6 9

General

  • Target

    23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa.bin.sample

  • Size

    5.2MB

  • Sample

    240414-meyvnafh43

  • MD5

    0bff2eb7cf8fbbf17ff6594b09101e3b

  • SHA1

    bfa77a5afa5d45aa178edc14361ca2a5825c96f5

  • SHA256

    23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa

  • SHA512

    0861b861e3579ea7867515cea737f811b28bdc689fe24a8e89d1cd9c47d621eb76488a444406d604e0ac860d5f4a8ec73d931828d4281372ad7827af61e73f13

  • SSDEEP

    98304:3mcwWGj36qlPEo+AiJGIvKL10DGXPXbgkIjqNFHBAMSEFkU9WFn5fG2iD8ND3+P:2BP7lPEo+Phu3LjIjqjHBqEFPEF579Nr

Malware Config

Targets

    • Target

      23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa.bin.sample

    • Size

      5.2MB

    • MD5

      0bff2eb7cf8fbbf17ff6594b09101e3b

    • SHA1

      bfa77a5afa5d45aa178edc14361ca2a5825c96f5

    • SHA256

      23ac6a9a61ddc568b82e23d19873e1756be1450cd9989f698be3d18f083f24aa

    • SHA512

      0861b861e3579ea7867515cea737f811b28bdc689fe24a8e89d1cd9c47d621eb76488a444406d604e0ac860d5f4a8ec73d931828d4281372ad7827af61e73f13

    • SSDEEP

      98304:3mcwWGj36qlPEo+AiJGIvKL10DGXPXbgkIjqNFHBAMSEFkU9WFn5fG2iD8ND3+P:2BP7lPEo+Phu3LjIjqjHBqEFPEF579Nr

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • BitRAT payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.