bitrat | 7f8a9a4b555b66e9b4794c8b725d50a7664c6b3c2a73b6470ba65aac30f5b8a3 | Triage

Submit
Reports

Overview

overview

Static

static

7f8a9a4b55...le.exe

windows7_x64

7f8a9a4b55...le.exe

windows10_x64

Sharing

General

Target

7f8a9a4b555b66e9b4794c8b725d50a7664c6b3c2a73b6470ba65aac30f5b8a3.sample
Size

7.7MB
Sample

210726-tz32t32rq6
MD5

8999915258d4601769039a71c3c241de
SHA1

73fa66b1225cadf516b8654f7c11dab0f04d785d
SHA256

7f8a9a4b555b66e9b4794c8b725d50a7664c6b3c2a73b6470ba65aac30f5b8a3
SHA512

f1fff2e1e4588b9f5b3c35ea9c4d0b66741bf87cf0bbb771a64c2cbcc7323187539dcff567ab5ed76fe85876dde7636df4677ad65eaf94f13801af9377892428

Score

10^/10

bitrat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

7f8a9a4b555b66e9b4794c8b725d50a7664c6b3c2a73b6470ba65aac30f5b8a3.sample.exe

Resource

win7v20210410

bitrat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7f8a9a4b555b66e9b4794c8b725d50a7664c6b3c2a73b6470ba65aac30f5b8a3.sample.exe

Resource

win10v20210410

bitrat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  7f8a9a4b555b66e9b4794c8b725d50a7664c6b3c2a73b6470ba65aac30f5b8a3.sample
- Size
  
  7.7MB
- MD5
  
  8999915258d4601769039a71c3c241de
- SHA1
  
  73fa66b1225cadf516b8654f7c11dab0f04d785d
- SHA256
  
  7f8a9a4b555b66e9b4794c8b725d50a7664c6b3c2a73b6470ba65aac30f5b8a3
- SHA512
  
  f1fff2e1e4588b9f5b3c35ea9c4d0b66741bf87cf0bbb771a64c2cbcc7323187539dcff567ab5ed76fe85876dde7636df4677ad65eaf94f13801af9377892428
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- BitRAT Payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy