bitrat | 9c176196e1ea1061400ed75a74b16784aa58e87710f516eb363f296d0f909fb0 | Triage

Submit
Reports

Overview

overview

Static

static

9c176196e1...b0.exe

windows7_x64

9c176196e1...b0.exe

windows10_x64

Sharing

General

Target

9c176196e1ea1061400ed75a74b16784aa58e87710f516eb363f296d0f909fb0
Size

2.7MB
Sample

220121-3ez1qadbgr
MD5

98e0809917278f2487861ede52d85f97
SHA1

d22abc16310091741c5f963140a545ad886fb6f3
SHA256

9c176196e1ea1061400ed75a74b16784aa58e87710f516eb363f296d0f909fb0
SHA512

e342d5fbe794f141da8b9cd8dbb0d9c4655eda9c2b21dcec9a70a75c4d400f99c03c06b54262498774fd2c9be0680dbab71b8296d1d8ab22fc67a1f20f1df99f

Score

10^/10

bitrat persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

9c176196e1ea1061400ed75a74b16784aa58e87710f516eb363f296d0f909fb0.exe

Resource

win7-en-20211208

bitrat persistence trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9c176196e1ea1061400ed75a74b16784aa58e87710f516eb363f296d0f909fb0.exe

Resource

win10-en-20211208

bitrat persistence trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.35

C2

publiquilla.linkpc.net:9089

Attributes

communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
install_dir
windowssecurirysercivehealtht
install_file
windowssecuritrysercive.exe
tor_process
tor

Targets

- Target
  
  9c176196e1ea1061400ed75a74b16784aa58e87710f516eb363f296d0f909fb0
- Size
  
  2.7MB
- MD5
  
  98e0809917278f2487861ede52d85f97
- SHA1
  
  d22abc16310091741c5f963140a545ad886fb6f3
- SHA256
  
  9c176196e1ea1061400ed75a74b16784aa58e87710f516eb363f296d0f909fb0
- SHA512
  
  e342d5fbe794f141da8b9cd8dbb0d9c4655eda9c2b21dcec9a70a75c4d400f99c03c06b54262498774fd2c9be0680dbab71b8296d1d8ab22fc67a1f20f1df99f
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy