Overview

overview

10

Static

static

AudioApplication.vbs

windows7_x64

10

AudioApplication.vbs

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AudioApplication.vbs

  • Size

    3KB

  • Sample

    220119-hxneesffh4

  • MD5

    257cb7d47ef7b5221bd8d95cbdd7f47e

  • SHA1

    0f4cb975fbaf27684908503de9476a2d02646734

  • SHA256

    b425d52cfdada3b73bdc0cb7bbcb57b72f2b2b95182dbc2d61fafecdcc6aa5f9

  • SHA512

    d0f100255b697a85393a2961f11d4d490df8a0af31133629673cd69b2a4f8a85fe45e051557ddcfa69679aa392d3a8138a013d4fff7674bdb918e491c2356a67

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://185.7.214.7/BITRA/oo.html

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://185.7.214.7/BITRA/AU.PNG

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://185.7.214.7/BITRA/YES.PNG

Extracted

Family

bitrat

Version

1.38

C2

185.7.214.8:4884

Attributes
  • communication_password

    311f4e4b7562e9d5ba31bd6afa686479

  • tor_process

    tor

Targets

    • Target

      AudioApplication.vbs

    • Size

      3KB

    • MD5

      257cb7d47ef7b5221bd8d95cbdd7f47e

    • SHA1

      0f4cb975fbaf27684908503de9476a2d02646734

    • SHA256

      b425d52cfdada3b73bdc0cb7bbcb57b72f2b2b95182dbc2d61fafecdcc6aa5f9

    • SHA512

      d0f100255b697a85393a2961f11d4d490df8a0af31133629673cd69b2a4f8a85fe45e051557ddcfa69679aa392d3a8138a013d4fff7674bdb918e491c2356a67

    Score
    10/10
    bitrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks