bitrat | 1df11ec4ef8cfeda563e1103d5e0cdc4ed10601b37e0ea9f93be82433ab68c72 | Triage

Submit
Reports

Overview

overview

Static

static

Order_2190...ry.exe

windows7_x64

Order_2190...ry.exe

windows10_x64

Sharing

General

Target

Order_2190034_January.exe
Size

785KB
Sample

220107-aq2z8scbck
MD5

751cfacd6de472704d072d56cd27769e
SHA1

733fd283e27fedb060e4b841f4737a28ba126600
SHA256

1df11ec4ef8cfeda563e1103d5e0cdc4ed10601b37e0ea9f93be82433ab68c72
SHA512

b036ad1a18b920fe56686d6a8b699286dc646bf992823617b73b1f7bae7197ffe1ebc80999a861cab92bf97fcb6855cdcef061d8bf5a27631179b467ffec2d39

Score

10^/10

bitrat evasion persistence suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Order_2190034_January.exe

Resource

win7-en-20211208

bitrat evasion persistence suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Order_2190034_January.exe

Resource

win10-en-20211208

bitrat evasion persistence suricata trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

severdops.ddns.net:3071

Attributes

communication_password
29ef52e7563626a96cea7f4b4085c124
tor_process
tor

Targets

- Target
  
  Order_2190034_January.exe
- Size
  
  785KB
- MD5
  
  751cfacd6de472704d072d56cd27769e
- SHA1
  
  733fd283e27fedb060e4b841f4737a28ba126600
- SHA256
  
  1df11ec4ef8cfeda563e1103d5e0cdc4ed10601b37e0ea9f93be82433ab68c72
- SHA512
  
  b036ad1a18b920fe56686d6a8b699286dc646bf992823617b73b1f7bae7197ffe1ebc80999a861cab92bf97fcb6855cdcef061d8bf5a27631179b467ffec2d39
Score

10^/10

bitrat evasion persistence suricata trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Windows security bypass
  evasion trojan
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Uses the VBS compiler for execution
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratevasionpersistencesuricatatrojanupx

behavioral2

bitratevasionpersistencesuricatatrojanupx

© 2018-2024

Terms | Privacy