General

  • Target

    c27c16af4d315e2022f2bda8d6f7ed9802ca944c3005d70a08f7ca9763b31b20

  • Size

    3.8MB

  • Sample

    240906-hff9sa1gnn

  • MD5

    3e2f28a40f4fd22cefd4627a83e36198

  • SHA1

    49c19d61a6e6a8dc0968f94dc883182f773978e6

  • SHA256

    c27c16af4d315e2022f2bda8d6f7ed9802ca944c3005d70a08f7ca9763b31b20

  • SHA512

    558fce16df2873d0810bab1c733dc0b84ccda5b2a362a3c31ff0f3b08e921e63b79d8960f664aeb78af2129bac0fbfe107405cd73d98933f6b84a5eb03e6b1e3

  • SSDEEP

    98304:X77Pmq33rE/JDLPWZADUGer7B6iY74M/GmlwXVZ:f+R/eZADUXR

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

178.208.94.214:1234

Attributes
  • communication_password

    81dc9bdb52d04dc20036dbd8313ed055

  • tor_process

    tor
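The communication_password above is a 32-hex-character value, i.e. an MD5 digest rather than a plaintext secret, and its value is the MD5 of "1234" (matching the C2 port). The script below is an added example, not part of the original report or of any BitRAT tooling: it takes the config values listed on this page, validates the C2 host:port, tries a small constructed list of candidate passwords against the digest, and emits a Suricata-style alert for the C2 endpoint. The candidate list and the rule's sid are assumptions chosen for illustration.

```python
import hashlib
import ipaddress

# Values copied from the extracted BitRAT config on this page.
EXTRACTED_CONFIG = {
    "family": "bitrat",
    "version": "1.38",
    "c2": "178.208.94.214:1234",
    "communication_password": "81dc9bdb52d04dc20036dbd8313ed055",
    "tor_process": "tor",
}

# Constructed candidate list (assumption): in practice use a wordlist of
# common RAT default passwords.
CANDIDATE_PASSWORDS = ["password", "admin", "1234", "123456", "bitrat"]

# Placeholder sid in the local-rules range (assumption).
LOCAL_SID = 1000001


def parse_c2(c2):
    """Split 'ip:port' and validate both parts; raises ValueError on bad input."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError("C2 has no port: %r" % c2)
    ipaddress.ip_address(host)  # raises ValueError if host is not an IP literal
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError("port out of range: %d" % port_num)
    return host, port_num


def recover_password(digest_hex, candidates):
    """Return the candidate whose MD5 matches the config digest, else None."""
    digest_hex = digest_hex.lower()
    if len(digest_hex) != 32 or any(c not in "0123456789abcdef" for c in digest_hex):
        raise ValueError("communication_password is not a 32-hex MD5 digest")
    for cand in candidates:
        if hashlib.md5(cand.encode("utf-8")).hexdigest() == digest_hex:
            return cand
    return None


def suricata_rule(host, port, sid):
    """Build a Suricata alert for outbound traffic to the C2 endpoint."""
    return (
        'alert tcp $HOME_NET any -> %s %d '
        '(msg:"BitRAT C2 traffic"; flow:to_server; sid:%d; rev:1;)'
        % (host, port, sid)
    )


def build_iocs(config, candidates):
    """Turn the extracted config into a dict of actionable indicators."""
    host, port = parse_c2(config["c2"])
    return {
        "family": config["family"],
        "version": config["version"],
        "c2_ip": host,
        "c2_port": port,
        "password_md5": config["communication_password"],
        "password_plain": recover_password(config["communication_password"], candidates),
        "tor_process": config["tor_process"],
        "suricata": suricata_rule(host, port, LOCAL_SID),
    }


if __name__ == "__main__":
    for key, value in build_iocs(EXTRACTED_CONFIG, CANDIDATE_PASSWORDS).items():
        print("%-15s %s" % (key, value))
```

A recovered plaintext of "1234" means the operator left the default password, so an analyst can talk to the C2 with a reimplemented client; a None result means the digest must be cracked offline against a larger wordlist. The tor_process attribute is kept because BitRAT can also route C2 over Tor, so an IP-based rule alone is not sufficient coverage.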

Targets

    • Target

      c27c16af4d315e2022f2bda8d6f7ed9802ca944c3005d70a08f7ca9763b31b20

    • Size

      3.8MB

    • MD5

      3e2f28a40f4fd22cefd4627a83e36198

    • SHA1

      49c19d61a6e6a8dc0968f94dc883182f773978e6

    • SHA256

      c27c16af4d315e2022f2bda8d6f7ed9802ca944c3005d70a08f7ca9763b31b20

    • SHA512

      558fce16df2873d0810bab1c733dc0b84ccda5b2a362a3c31ff0f3b08e921e63b79d8960f664aeb78af2129bac0fbfe107405cd73d98933f6b84a5eb03e6b1e3

    • SSDEEP

      98304:X77Pmq33rE/JDLPWZADUGer7B6iY74M/GmlwXVZ:f+R/eZADUXR

    Score
    10/10
    • BitRAT

      BitRAT is a remote access trojan written in C++ that reuses leaked source code from other malware families.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the calling thread from delivering debug events to an attached debugger. This is a common anti-analysis technique; a debugger or sandbox that does not hook this call will lose visibility into the hidden thread.

MITRE ATT&CK Enterprise v15

Tasks