bitrat | 6f628448d414787ca2ee26eed975b02ae71a9ab61d2d8eb58f3de9f8d285c7e5 | Triage

Submit
Reports

Overview

overview

Static

static

DOMUMENTO ...DA.exe

windows7_x64

3

DOMUMENTO ...DA.exe

windows10_x64

3

DOMUMENTO ...DA.exe

windows10-2004_x64

DOMUMENTO ...DA.exe

windows11_x64

Sharing

General

Target

DOMUMENTO DE TRANSACCION REALIZADA.bin.zip
Size

64KB
Sample

220609-vlmpzaeeh7
MD5

17638baee6cac22980628aafb5ffd566
SHA1

dbb4d6c0f5647d15225a183e468272be9bbda847
SHA256

6f628448d414787ca2ee26eed975b02ae71a9ab61d2d8eb58f3de9f8d285c7e5
SHA512

d92493483e2d3afc5f3fcc66e93cebd17fb2bd2e2eeb003c2983848ce1e6f2212964634cf7f43242a7e35b24fea780ee4a00eae6652570e4c0243da6fd1fc856

Score

10^/10

bitrat persistence suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

DOMUMENTO DE TRANSACCION REALIZADA.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DOMUMENTO DE TRANSACCION REALIZADA.exe

Resource

win10-20220414-en

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

DOMUMENTO DE TRANSACCION REALIZADA.exe

Resource

win10v2004-20220414-en

bitrat persistence suricata trojan upx

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

DOMUMENTO DE TRANSACCION REALIZADA.exe

Resource

win11-20220223-en

windows11_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

breswew.duckdns.org:1880

Attributes

communication_password
202cb962ac59075b964b07152d234b70
tor_process
tor

Targets

- Target
  
  DOMUMENTO DE TRANSACCION REALIZADA.bin
- Size
  
  126KB
- MD5
  
  8c52bf0ad28692c8e274874606c362dd
- SHA1
  
  ebcda75002db41d1a7f3597ca9467aab625439f7
- SHA256
  
  ac6da2e8ec05b1e8e562c15745997b48c0f51aeb823d4858445123060f40bb57
- SHA512
  
  62dc35a98757814ceaec1f5ff41d97641e5ceabb3e5511ad79be3db272d63fbd001bb62ea9f019a773dd5293dd4993a87d775825dda827b5dd9c1a05d274bf24
Score

10^/10

bitrat persistence suricata trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

bitratpersistencesuricatatrojanupx

behavioral4

© 2018-2024

Terms | Privacy