bitrat | 859246ff173ff4ff68c9c761a21aa9944c7c2dba5cd882d9309d845355895631 | Triage

Submit
Reports

Overview

overview

Static

static

D7M39A87SH...PT.exe

windows7_x64

D7M39A87SH...PT.exe

windows10-2004_x64

Sharing

General

Target

D7M39A87SH3-ETRANSFER-RECEIPT.zip
Size

1.8MB
Sample

220615-yh35bsbffq
MD5

ce8f4a5b067cb9447c863f2dba4b5b38
SHA1

e22ee6e1de3ecd978f1ddf1d6d2f8e5829d73160
SHA256

859246ff173ff4ff68c9c761a21aa9944c7c2dba5cd882d9309d845355895631
SHA512

3d0ee32c2114f674dff5f2f449baa449aa17a6a38c54fd1314c497ca2575f0e6b8cb06a1f13ec21626ba96216c271e6e7edb823ba44c610abd281b7ff24a2b88

Score

10^/10

bitrat suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

D7M39A87SH3-ETRANSFER-RECEIPT.exe

Resource

win7-20220414-en

bitrat suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

D7M39A87SH3-ETRANSFER-RECEIPT.exe

Resource

win10v2004-20220414-en

bitrat suricata trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  D7M39A87SH3-ETRANSFER-RECEIPT.exe
- Size
  
  300.0MB
- MD5
  
  edd26deecff12183dc818957f18b866a
- SHA1
  
  7e4fc7d57f7502ad210ceafbe294716981585281
- SHA256
  
  0b6306bc128b16b99cee0d04e4427bc0b5dbe32b2386fc4800cf42c9f42ed3b3
- SHA512
  
  b86225d429f244077f1a4313318e034320da2091a02a8064065b2fbd290eaa5285adfe90a161886f6a13dcba996f536da6758da78cf54ec01c900369db841987
Score

10^/10

bitrat suricata trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratsuricatatrojanupx

behavioral2

bitratsuricatatrojanupx

© 2018-2024

Terms | Privacy