bitrat | d45b7cb0d3670b2d8a0191ddb50c96346c69ce3635d7e187270652b1c6398547 | Triage

Submit
Reports

Overview

overview

Static

static

C8D6C4G3_E...PT.exe

windows7_x64

C8D6C4G3_E...PT.exe

windows10-2004_x64

Sharing

General

Target

7558646157.zip
Size

1.5MB
Sample

220614-t1cb4sffdl
MD5

705e7f2c343ae4f36cee0012ee1e7ee8
SHA1

5fe84e1c77617db44e785d81b67ddaf815de7944
SHA256

d45b7cb0d3670b2d8a0191ddb50c96346c69ce3635d7e187270652b1c6398547
SHA512

089badc32b8be8b3a400267f36081a6397614adbf6f5cbb04ab12a028678aeadf30a0df7400be5ceb4fa0773d28a522391dd0e7f17c9c4aa1657866145b73d4a

Score

10^/10

bitrat suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

C8D6C4G3_ETRANSFER_RECEIPT.exe

Resource

win7-20220414-en

bitrat suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

C8D6C4G3_ETRANSFER_RECEIPT.exe

Resource

win10v2004-20220414-en

bitrat suricata trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  C8D6C4G3_ETRANSFER_RECEIPT.exe
- Size
  
  300.0MB
- MD5
  
  bfabfe78aa78696e50b54618f8b828e6
- SHA1
  
  10444cddc6fd263a1b4a3ee8fa477a3a1e673f81
- SHA256
  
  5d40878b671c96e0c31b04b38d416c808fe231b1eaade5b4e1bdf5345b371a2b
- SHA512
  
  75b739af5a7a84b740175bdb0d95a6c91ff38f6c52aacfaf82f61da2edb491bbf38494a21f09a83706509d7bdf1bcaaa14707bb61dcc1f32e7bc73fa8033a3b5
Score

10^/10

bitrat suricata trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratsuricatatrojanupx

behavioral2

bitratsuricatatrojanupx

© 2018-2024

Terms | Privacy