bitrat | cf14757dc91f0f0999a68ed6def88d06da7b2ad659ab618cee7728ab9caae6c3 | Triage

Submit
Reports

Overview

overview

Static

static

cf14757dc9...c3.exe

windows7_x64

9

cf14757dc9...c3.exe

windows10-2004_x64

Sharing

General

Target

cf14757dc91f0f0999a68ed6def88d06da7b2ad659ab618cee7728ab9caae6c3
Size

4.2MB
Sample

220630-v32v8aeagk
MD5

1ef35e701432e20e684f81c34d23396f
SHA1

db4dbf0702c2830a4fd5f57b5bb61462864c0859
SHA256

cf14757dc91f0f0999a68ed6def88d06da7b2ad659ab618cee7728ab9caae6c3
SHA512

5f82b0215846026c32707bcc262616455add416de31aae51b72b025b3642f1854e2e0073324210e0e1d2ba32aee0b4a746ca5d9ef0a245624b7e5c41f12892a7

Score

10^/10

bitrat trojan

Static task

static1

Behavioral task

behavioral1

Sample

cf14757dc91f0f0999a68ed6def88d06da7b2ad659ab618cee7728ab9caae6c3.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cf14757dc91f0f0999a68ed6def88d06da7b2ad659ab618cee7728ab9caae6c3.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.33

C2

173.44.50.137:58881

Attributes

communication_password
827ccb0eea8a706c4c34a16891f84e7b
tor_process
tor

Targets

- Target
  
  cf14757dc91f0f0999a68ed6def88d06da7b2ad659ab618cee7728ab9caae6c3
- Size
  
  4.2MB
- MD5
  
  1ef35e701432e20e684f81c34d23396f
- SHA1
  
  db4dbf0702c2830a4fd5f57b5bb61462864c0859
- SHA256
  
  cf14757dc91f0f0999a68ed6def88d06da7b2ad659ab618cee7728ab9caae6c3
- SHA512
  
  5f82b0215846026c32707bcc262616455add416de31aae51b72b025b3642f1854e2e0073324210e0e1d2ba32aee0b4a746ca5d9ef0a245624b7e5c41f12892a7
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy