bitrat | a3b875701db56862b5acc2a1eda8db1a30f5e0617780973154a352ab4a662bdd | Triage

Submit
Reports

Overview

overview

Static

static

a3b875701d...dd.exe

windows7_x64

a3b875701d...dd.exe

windows10_x64

Sharing

General

Target

a3b875701db56862b5acc2a1eda8db1a30f5e0617780973154a352ab4a662bdd
Size

2.0MB
Sample

220121-3ddq4acgc7
MD5

81ef454de5367209d2c791fa6b1c8dd7
SHA1

32a1569c1c30e0241461df8128a86e0bdae26797
SHA256

a3b875701db56862b5acc2a1eda8db1a30f5e0617780973154a352ab4a662bdd
SHA512

18b2922b89526b5edb235d95b2337ab481c8ce773f431627662e18f49713c15dc291c56eac1c66ba7d534df779a74fd59b9111d304d12aced8144d41986198a9

Score

10^/10

bitrat persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

a3b875701db56862b5acc2a1eda8db1a30f5e0617780973154a352ab4a662bdd.exe

Resource

win7-en-20211208

bitrat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a3b875701db56862b5acc2a1eda8db1a30f5e0617780973154a352ab4a662bdd.exe

Resource

win10-en-20211208

bitrat persistence trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.35

C2

publiquilla.linkpc.net:9097

Attributes

communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
install_dir
System320772736e3b1d119b3
install_file
System320772736e3b1d119b.exe
tor_process
tor

Targets

- Target
  
  a3b875701db56862b5acc2a1eda8db1a30f5e0617780973154a352ab4a662bdd
- Size
  
  2.0MB
- MD5
  
  81ef454de5367209d2c791fa6b1c8dd7
- SHA1
  
  32a1569c1c30e0241461df8128a86e0bdae26797
- SHA256
  
  a3b875701db56862b5acc2a1eda8db1a30f5e0617780973154a352ab4a662bdd
- SHA512
  
  18b2922b89526b5edb235d95b2337ab481c8ce773f431627662e18f49713c15dc291c56eac1c66ba7d534df779a74fd59b9111d304d12aced8144d41986198a9
Score

10^/10

bitrat trojan upx persistence
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy