bitrat | de738140a1d81c5cbc08d63c74a929c1195ea0883f553ad776462ba0d0dff89b | Triage

Submit
Reports

Overview

overview

Static

static

DENUNCIA V...RA.exe

windows7_x64

DENUNCIA V...RA.exe

windows10_x64

DENUNCIA V...RA.exe

windows10-2004_x64

DENUNCIA V...RA.exe

windows11_x64

Sharing

General

Target

DENUNCIA VIRTUAL IMPUESTA EN SU CONTRA.bin.zip
Size

23KB
Sample

220609-mnwrnabdc6
MD5

02e12fdf87c7d8691db58d220f4fee2a
SHA1

6ad3b8901a75bd04ab6bf3ad4c8338e069e4b6be
SHA256

de738140a1d81c5cbc08d63c74a929c1195ea0883f553ad776462ba0d0dff89b
SHA512

975573e63f3a14b157689b8ad4f372a1dc0869bde3e9e228ff78a893f918572e33d62fb3caf3f4ea7bce4835032621ff015abf61b055b7284b99a7d45e3e6a76

Score

10^/10

bitrat persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

DENUNCIA VIRTUAL IMPUESTA EN SU CONTRA.exe

Resource

win7-20220414-en

bitrat persistence trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DENUNCIA VIRTUAL IMPUESTA EN SU CONTRA.exe

Resource

win10-20220414-en

bitrat persistence trojan upx

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

DENUNCIA VIRTUAL IMPUESTA EN SU CONTRA.exe

Resource

win10v2004-20220414-en

bitrat persistence trojan upx

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

DENUNCIA VIRTUAL IMPUESTA EN SU CONTRA.exe

Resource

win11-20220223-en

windows11_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

reyhrwwet4y.duckdns.org :1880

Attributes

communication_password
202cb962ac59075b964b07152d234b70
tor_process
tor

Targets

- Target
  
  DENUNCIA VIRTUAL IMPUESTA EN SU CONTRA.bin
- Size
  
  160KB
- MD5
  
  c9e93cb3148aa7fd9aeb11e3deaaa994
- SHA1
  
  4dec478206a5ac46a560f8bb36b8ef7abf7cadb9
- SHA256
  
  86456c0b66bf59cbdddd5419cca3b24d4d303b8e7ed5261181ae1ab3933e55e8
- SHA512
  
  0c80ee1d9f61c8d73902673103bfe3b3dd480b564dc2a4f9822f78d6eef92441b93afbfbc9236ab9eb210a2911d66ffa82bf39001c2ddb7f4925347bbb69417b
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

behavioral3

bitratpersistencetrojanupx

behavioral4

© 2018-2024

Terms | Privacy