bitrat | e9fc037cd4104162c1a600754a87d9aec3d3b983ad4146954c5ef9ca49752783 | Triage

Submit
Reports

Overview

overview

Static

static

e9fc037cd4...83.vbs

windows7_x64

e9fc037cd4...83.vbs

windows10_x64

Sharing

General

Target

e9fc037cd4104162c1a600754a87d9aec3d3b983ad4146954c5ef9ca49752783.vbs
Size

2KB
Sample

220104-2w6zxshfb9
MD5

52cc63019d7ac5726b375e14771cfc9e
SHA1

04158c38ec3c912b1b510e1479e927cf91ee3d68
SHA256

e9fc037cd4104162c1a600754a87d9aec3d3b983ad4146954c5ef9ca49752783
SHA512

71fcd939ab72b4a54f6c23b7eab5c45244c4a3f8e7f65edc29af721b0f1aa3484853fc5359d4c1fe2113659fb4b77ade415684100c9f27c5aa19680a8151f959

Score

10^/10

bitrat neshta njrat hacked evasion persistence spyware trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

e9fc037cd4104162c1a600754a87d9aec3d3b983ad4146954c5ef9ca49752783.vbs

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e9fc037cd4104162c1a600754a87d9aec3d3b983ad4146954c5ef9ca49752783.vbs

Resource

win10-en-20211208

bitrat neshta njrat hacked evasion persistence spyware trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://transfer.sh/get/pBzucs/HHHHHHHHHHHHHHHH.txt

Extracted

Family

njrat

Version

1.9

Botnet

HacKed

Mutex

Microsoft.Exe

Attributes

reg_key
Microsoft.Exe

Extracted

Family

bitrat

Version

1.38

C2

1120bitratjan.duckdns.org:1120

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  e9fc037cd4104162c1a600754a87d9aec3d3b983ad4146954c5ef9ca49752783.vbs
- Size
  
  2KB
- MD5
  
  52cc63019d7ac5726b375e14771cfc9e
- SHA1
  
  04158c38ec3c912b1b510e1479e927cf91ee3d68
- SHA256
  
  e9fc037cd4104162c1a600754a87d9aec3d3b983ad4146954c5ef9ca49752783
- SHA512
  
  71fcd939ab72b4a54f6c23b7eab5c45244c4a3f8e7f65edc29af721b0f1aa3484853fc5359d4c1fe2113659fb4b77ade415684100c9f27c5aa19680a8151f959
Score

10^/10

bitrat neshta njrat hacked evasion persistence spyware trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Blocklisted process makes network request
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bitratneshtanjrathackedevasionpersistencespywaretrojanupx

© 2018-2024

Terms | Privacy