bitrat | 263b305d6a17491a0dd9dd32c5e56536263326e716e0474a132c1d8f8cc0878d | Triage

Submit
Reports

Overview

overview

Static

static

Bon de commande.exe

windows7_x64

Bon de commande.exe

windows10_x64

Sharing

General

Target

Bon de commande.exe
Size

26KB
Sample

220121-qjlbxahfhm
MD5

00286c04e7817a33d830719ef9afda61
SHA1

3e59b07e3aa255dc4086c9c631d814ac201e9951
SHA256

263b305d6a17491a0dd9dd32c5e56536263326e716e0474a132c1d8f8cc0878d
SHA512

917d83abba42301eabf3e5bdc7450300150925955cc2b6ddb40b28338c2014ec30c234fad245bc19f5d5345f5ad5de55e0a738e7bb9fa96b765117c3410a8612

Score

10^/10

bitrat persistence suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Bon de commande.exe

Resource

win7-en-20211208

bitrat persistence suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Bon de commande.exe

Resource

win10-en-20211208

bitrat persistence suricata trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

severdops.ddns.net:3071

Attributes

communication_password
29ef52e7563626a96cea7f4b4085c124
tor_process
tor

Targets

- Target
  
  Bon de commande.exe
- Size
  
  26KB
- MD5
  
  00286c04e7817a33d830719ef9afda61
- SHA1
  
  3e59b07e3aa255dc4086c9c631d814ac201e9951
- SHA256
  
  263b305d6a17491a0dd9dd32c5e56536263326e716e0474a132c1d8f8cc0878d
- SHA512
  
  917d83abba42301eabf3e5bdc7450300150925955cc2b6ddb40b28338c2014ec30c234fad245bc19f5d5345f5ad5de55e0a738e7bb9fa96b765117c3410a8612
Score

10^/10

bitrat persistence suricata trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencesuricatatrojanupx

behavioral2

bitratpersistencesuricatatrojanupx

© 2018-2024

Terms | Privacy