bitrat | a2e53e31a6d4e81b4df4572ff9d41278b8c48c2387ba84075ae58f3d10c4884b | Triage

Submit
Reports

Overview

overview

Static

static

RKS7D5D6F_...PT.exe

windows7_x64

RKS7D5D6F_...PT.exe

windows10-2004_x64

Sharing

General

Target

RKS7D5D6F_ETRANSFER_RECEIPT.zip
Size

1.8MB
Sample

220615-rwaavababr
MD5

504eb52f35301afa852490e0e1f0cebc
SHA1

af69bdec934f914152e9b7359e214538c84bfe24
SHA256

a2e53e31a6d4e81b4df4572ff9d41278b8c48c2387ba84075ae58f3d10c4884b
SHA512

7c6507226a2ccb60cd2df6e5387b5c9ec1ad318ea2629bea1fbc8487cd23077f0ccbc358664c78c11030bfb7541697c79c3e8f8ef89be2e928b31ce965c79cb6

Score

10^/10

bitrat suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

RKS7D5D6F_ETRANSFER_RECEIPT.exe

Resource

win7-20220414-en

bitrat suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RKS7D5D6F_ETRANSFER_RECEIPT.exe

Resource

win10v2004-20220414-en

bitrat suricata trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  RKS7D5D6F_ETRANSFER_RECEIPT.exe
- Size
  
  300.0MB
- MD5
  
  7298a9ef42c45144a0caab46893fc9e3
- SHA1
  
  809492d6628db6cb0af75ceb861ca209079029af
- SHA256
  
  cd4000e6ed2eeeb0af7509cc6c74ea8d2ef08d5d6f6551aeebad6a96de57d7cd
- SHA512
  
  ac95e369ed001e74b5c32cb94ac109f3b7c76b9c9dd82fd92c0569682589ccd94521599a7b03921a633c4668905a73ba87c9c7d5e31935d047f61c1284dd4459
Score

10^/10

bitrat suricata trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratsuricatatrojanupx

behavioral2

bitratsuricatatrojanupx

© 2018-2024

Terms | Privacy