bitrat | b26654a554506511b1b0c0570e0df09e72704d915cb62bedcda383c4d9d846c9 | Triage

Submit
Reports

Overview

overview

Static

static

Check411804.exe

windows7_x64

Check411804.exe

windows10_x64

Sharing

General

Target

Check411804.exe
Size

1.8MB
Sample

220406-vxyxdacebk
MD5

6e120d3757d58b2d2a049b6e8174be57
SHA1

bf5619bc94a891c199543a2037f24e60c3d97a5c
SHA256

b26654a554506511b1b0c0570e0df09e72704d915cb62bedcda383c4d9d846c9
SHA512

5bf6273e13feca140966d2aa6fa926c20bdb23e455e8e211e581fff70434643645e379920e2c653bc9d3fed67842fe300f1699bfb80ba654e89616098c1c87e5

Score

10^/10

bitrat discovery spyware stealer suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Check411804.exe

Resource

win7-20220310-en

bitrat suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Check411804.exe

Resource

win10-20220310-en

bitrat discovery spyware stealer suricata trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitratnew9200.duckdns.org:9200

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  Check411804.exe
- Size
  
  1.8MB
- MD5
  
  6e120d3757d58b2d2a049b6e8174be57
- SHA1
  
  bf5619bc94a891c199543a2037f24e60c3d97a5c
- SHA256
  
  b26654a554506511b1b0c0570e0df09e72704d915cb62bedcda383c4d9d846c9
- SHA512
  
  5bf6273e13feca140966d2aa6fa926c20bdb23e455e8e211e581fff70434643645e379920e2c653bc9d3fed67842fe300f1699bfb80ba654e89616098c1c87e5
Score

10^/10

bitrat suricata trojan upx discovery spyware stealer
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratsuricatatrojanupx

behavioral2

bitratdiscoveryspywarestealersuricatatrojanupx

© 2018-2024

Terms | Privacy