bitrat | 5d0970ca455fd58945e13f996aaf77a66a7468d0927a3cfd41cbd22b20d13cdc | Triage

Submit
Reports

Overview

overview

Static

static

Ouiojcejoy...np.exe

windows7_x64

Ouiojcejoy...np.exe

windows10_x64

Sharing

General

Target

Ouiojcejoyugnzyrllxqhjgpjgtmcpzvnp.exe
Size

836KB
Sample

210906-14ltaaegbj
MD5

53873b761c0fd3af78b4bcd0107f4a0b
SHA1

ee8e55e742670d4c7888ee9f5d06a6d9e92c4ef4
SHA256

5d0970ca455fd58945e13f996aaf77a66a7468d0927a3cfd41cbd22b20d13cdc
SHA512

31e57363ad2be1d7d6a0202d347e1b0bd4d9a08be36c2ab057187608f920f3471359b51e07baeb65e3a4445f028d3076db886f7956feaa4b53dda826f6280129

Score

10^/10

bitrat modiloader persistence suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Ouiojcejoyugnzyrllxqhjgpjgtmcpzvnp.exe

Resource

win7v20210408

bitrat persistence suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Ouiojcejoyugnzyrllxqhjgpjgtmcpzvnp.exe

Resource

win10-en

bitrat modiloader persistence suricata trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Ouiojcejoyugnzyrllxqhjgpjgtmcpzvnp.exe
- Size
  
  836KB
- MD5
  
  53873b761c0fd3af78b4bcd0107f4a0b
- SHA1
  
  ee8e55e742670d4c7888ee9f5d06a6d9e92c4ef4
- SHA256
  
  5d0970ca455fd58945e13f996aaf77a66a7468d0927a3cfd41cbd22b20d13cdc
- SHA512
  
  31e57363ad2be1d7d6a0202d347e1b0bd4d9a08be36c2ab057187608f920f3471359b51e07baeb65e3a4445f028d3076db886f7956feaa4b53dda826f6280129
Score

10^/10

bitrat persistence suricata trojan upx modiloader
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- BitRAT Payload
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencesuricatatrojanupx

behavioral2

bitratmodiloaderpersistencesuricatatrojanupx

© 2018-2024

Terms | Privacy