Overview

overview

10

Static

static

5

4d26e12d17...3c.exe

windows7-x64

10

4d26e12d17...3c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d26e12d17a42568aa1f7d4b2f36aa3c.exe

  • Size

    2.0MB

  • Sample

    240512-back3sbg29

  • MD5

    4d26e12d17a42568aa1f7d4b2f36aa3c

  • SHA1

    c65c6120cb491c683d28cd7d913e062ca71acdf4

  • SHA256

    c3bf75a13d38a48c126476948c06bdfca08ee0bb706a39c5d97f77e6c63fb8ae

  • SHA512

    5dbecb961fd21062cc9fab5ea4ebb22563331bbfb6210b06ef38f9cf5620f26862f1e954659859afcc58d5fdf0a95e2ac968cb574618ae346f167c0e1909d2dd

  • SSDEEP

    49152:ZTvC/MTQYxsWR7afXmpqVyBl8VaLH4QxP6Xw:ljTQYxsWR+mpqVA2YD466X

Score
10/10
bitrattrojan

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

MyBtrpub.dynuddns.com:8889

Attributes
  • communication_password

    cba52b50d9cf77a308a6bedcd075f95e

  • tor_process

    tor

Targets

    • Target

      4d26e12d17a42568aa1f7d4b2f36aa3c.exe

    • Size

      2.0MB

    • MD5

      4d26e12d17a42568aa1f7d4b2f36aa3c

    • SHA1

      c65c6120cb491c683d28cd7d913e062ca71acdf4

    • SHA256

      c3bf75a13d38a48c126476948c06bdfca08ee0bb706a39c5d97f77e6c63fb8ae

    • SHA512

      5dbecb961fd21062cc9fab5ea4ebb22563331bbfb6210b06ef38f9cf5620f26862f1e954659859afcc58d5fdf0a95e2ac968cb574618ae346f167c0e1909d2dd

    • SSDEEP

      49152:ZTvC/MTQYxsWR7afXmpqVyBl8VaLH4QxP6Xw:ljTQYxsWR+mpqVA2YD466X

    Score
    10/10
    bitrattrojan

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks