bitrat | 4f19d5ef50d476b9c41f8363bc749781b62b8ac8dc7cc2adb382b5b2a886dbd7 | Triage

Submit
Reports

Overview

overview

Static

static

today.exe

windows7_x64

today.exe

windows10_x64

Sharing

General

Target

today.exe
Size

6.6MB
Sample

210714-96mel8l5tx
MD5

b17086a611a2fd3cbacca63c0f99bfb5
SHA1

106e8f8f367ec6cc3ef9ee53cc21705bc4c15b3f
SHA256

4f19d5ef50d476b9c41f8363bc749781b62b8ac8dc7cc2adb382b5b2a886dbd7
SHA512

d6f5ef4323bdd665d79d8b724da9c2e28107e66d6a11f8ce7d1fea00cbe3502d96af0a20543c72ea3eea4f01d9ff2fbf97fa969c24ee028754c9ba7769f03a35

Score

10^/10

bitrat agilenet persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

today.exe

Resource

win7v20210410

bitrat agilenet persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

today.exe

Resource

win10v20210410

bitrat agilenet persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  today.exe
- Size
  
  6.6MB
- MD5
  
  b17086a611a2fd3cbacca63c0f99bfb5
- SHA1
  
  106e8f8f367ec6cc3ef9ee53cc21705bc4c15b3f
- SHA256
  
  4f19d5ef50d476b9c41f8363bc749781b62b8ac8dc7cc2adb382b5b2a886dbd7
- SHA512
  
  d6f5ef4323bdd665d79d8b724da9c2e28107e66d6a11f8ce7d1fea00cbe3502d96af0a20543c72ea3eea4f01d9ff2fbf97fa969c24ee028754c9ba7769f03a35
Score

10^/10

bitrat agilenet persistence trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- BitRAT Payload
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratagilenetpersistencetrojan

behavioral2

bitratagilenetpersistencetrojan

© 2018-2024

Terms | Privacy