bitrat | b4d965c427f37d900c4cdc0257542d33ad436efcf30a69dd006aa3321a90bc7c | Triage

Submit
Reports

Overview

overview

Static

static

b4d965c427...7c.exe

windows7_x64

b4d965c427...7c.exe

windows10-2004_x64

Sharing

General

Target

b4d965c427f37d900c4cdc0257542d33ad436efcf30a69dd006aa3321a90bc7c
Size

4.4MB
Sample

220708-ywjylsehhj
MD5

0c09d75a290024791e700607ecea59e3
SHA1

e69abb2295667c1ad8abae715c5ed10b387b0bb8
SHA256

b4d965c427f37d900c4cdc0257542d33ad436efcf30a69dd006aa3321a90bc7c
SHA512

1bb58ffa224869a2ceb7a9af83de6e5aad99c899b67888e17329836a959058f92133373a015ffae945d9b2c0769a9b1b49a034d5f87bf3dc0fb189b739cdd7b0

Score

10^/10

bitrat evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

b4d965c427f37d900c4cdc0257542d33ad436efcf30a69dd006aa3321a90bc7c.exe

Resource

win7-20220414-en

bitrat evasion trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b4d965c427f37d900c4cdc0257542d33ad436efcf30a69dd006aa3321a90bc7c.exe

Resource

win10v2004-20220414-en

bitrat evasion trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.33

C2

23.105.131.186:9000

Attributes

communication_password
c4ca4238a0b923820dcc509a6f75849b
tor_process
tor

Targets

- Target
  
  b4d965c427f37d900c4cdc0257542d33ad436efcf30a69dd006aa3321a90bc7c
- Size
  
  4.4MB
- MD5
  
  0c09d75a290024791e700607ecea59e3
- SHA1
  
  e69abb2295667c1ad8abae715c5ed10b387b0bb8
- SHA256
  
  b4d965c427f37d900c4cdc0257542d33ad436efcf30a69dd006aa3321a90bc7c
- SHA512
  
  1bb58ffa224869a2ceb7a9af83de6e5aad99c899b67888e17329836a959058f92133373a015ffae945d9b2c0769a9b1b49a034d5f87bf3dc0fb189b739cdd7b0
Score

10^/10

bitrat evasion trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratevasiontrojan

behavioral2

bitratevasiontrojan

© 2018-2024

Terms | Privacy