General

  • Target

    2024-05-10_3d70017a2b6d0c6859d7004b651a5d7a_ryuk

  • Size

    11.0MB

  • Sample

    240510-aszynabb92

  • MD5

    3d70017a2b6d0c6859d7004b651a5d7a

  • SHA1

    f954835541b5a2e7863091a626007f3df181a3ed

  • SHA256

    bc28a9c3ab8c1e7e13f6634c1eff7bed34d3dec2f5979f25101270303e69d06e

  • SHA512

    6fa6f871e61ce7294db6e1dee046b62fd4cf515c615fb5d63a1db207f5d976c41720e9124f607b7a928b058dff93bd2056b84eef955a8c01baa7767244ca6140

  • SSDEEP

    196608:EVFLHg8HxKtyCTFdynneMeR5U8kB1eLOPwdrhEVSL2v8hpffR5vSGRNJpoEzoCDh:OgQxiyKunnQDQBPw5aVSLo8phZS0yEEG

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

23.105.131.220:4898

Attributes
  • communication_password

    81dc9bdb52d04dc20036dbd8313ed055

  • tor_process

    tor

Targets

    • Target

      2024-05-10_3d70017a2b6d0c6859d7004b651a5d7a_ryuk

    • Size

      11.0MB

    • MD5

      3d70017a2b6d0c6859d7004b651a5d7a

    • SHA1

      f954835541b5a2e7863091a626007f3df181a3ed

    • SHA256

      bc28a9c3ab8c1e7e13f6634c1eff7bed34d3dec2f5979f25101270303e69d06e

    • SHA512

      6fa6f871e61ce7294db6e1dee046b62fd4cf515c615fb5d63a1db207f5d976c41720e9124f607b7a928b058dff93bd2056b84eef955a8c01baa7767244ca6140

    • SSDEEP

      196608:EVFLHg8HxKtyCTFdynneMeR5U8kB1eLOPwdrhEVSL2v8hpffR5vSGRNJpoEzoCDh:OgQxiyKunnQDQBPw5aVSLo8phZS0yEEG

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • UPX dump on OEP (original entry point)

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks