bitrat | 234cad9129c3468824397de31f34b9a564f5e49f2312f057be94cae409004daf | Triage

Submit
Reports

Overview

overview

Static

static

JO37GDDJF5...PT.exe

windows7_x64

JO37GDDJF5...PT.exe

windows10-2004_x64

Sharing

General

Target

9cffb6211e8011ba4c01d72c0b34492c
Size

2.5MB
Sample

220621-r8g68aedhl
MD5

9cffb6211e8011ba4c01d72c0b34492c
SHA1

3eb1273e0e6516ad90fe2417844523da85006ea6
SHA256

234cad9129c3468824397de31f34b9a564f5e49f2312f057be94cae409004daf
SHA512

da8a36913246e54c21e06bad78d471b5aedb74fe6cc27d363e1003ed299ac9d3285231b8cbc0a0bbde9a75c668695d0f9f63db711b4d8a803b2941552daf2373

Score

10^/10

bitrat suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

JO37GDDJF5_ETRANSFER_RECEIPT.exe

Resource

win7-20220414-en

bitrat suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

JO37GDDJF5_ETRANSFER_RECEIPT.exe

Resource

win10v2004-20220414-en

bitrat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  JO37GDDJF5_ETRANSFER_RECEIPT.exe
- Size
  
  300.0MB
- MD5
  
  9f791a0a9f76db609b44f0e3bf7bdef5
- SHA1
  
  0481f2e178c7a34b3d855e5c53553337fe2008ed
- SHA256
  
  ccd71d751bf017dee31f76eceded9aa6832f5e19b5389584d3665f76b4f0caf2
- SHA512
  
  06889bebdf092e4f1563e697e9c619a147954ffcb1f9dd9e9a9238d1410442373f95558c02e6bae6f5d832f89a46eab8b08114699f7321ce2e1150a69f1ad1ee
Score

10^/10

bitrat suricata trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratsuricatatrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy