BISTROMATH

Description

(US-CERT) This report looks at multiple versions of a full-featured RAT implant executable and multiple versions of the CAgent11 GUI implant controller/builder. These samples perform simple XOR network encoding and are capable of many features including conducting system surveys, file upload/download, process and command execution, and monitoring the microphone, clipboard, and the screen. The GUI controllers allow interaction with the implant as well as the option to dynamically build new implants with customized options. The implants are loaded with a trojanized executable containing a fake bitmap which decodes into shellcode which loads the embedded implant.

Names

Name
BISTROMATH

Category

Malware

Type

  • Backdoor
  • Info stealer

Information

Malpedia

AlienVault OTX

Other Information

Uuid

63e35035-f269-4642-8038-f85b09fbe251

Last Card Change

2021-04-24