bitrat | 30200a7b327e28ce7e846002f0cb8e63716fac612a8bf3c78d2abe568d9de9d9 | Triage

Submit
Reports

Overview

overview

Static

static

RPDQOPKDGS...CE.exe

windows7_x64

RPDQOPKDGS...CE.exe

windows10-2004_x64

8

Sharing

General

Target

RPDQOPKDGSA_PAYMENT_INVOICE.exe
Size

299.0MB
Sample

220714-hpz39abbdp
MD5

e19f652edb3ad5c5d322a9458f0bd57b
SHA1

3c21da297f2119d4312c5401981dc31fcbb4bf81
SHA256

30200a7b327e28ce7e846002f0cb8e63716fac612a8bf3c78d2abe568d9de9d9
SHA512

e82fc0d590c3017e478e0eb3c34a8c9af231dd8ddbb8d224b2445d1365e3743476bbaac4877ef0cef6484ad4310518a85d09a16ecc7e5483342fbddc0a5c05b8

Score

10^/10

bitrat suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

RPDQOPKDGSA_PAYMENT_INVOICE.exe

Resource

win7-20220414-en

bitrat suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RPDQOPKDGSA_PAYMENT_INVOICE.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

sh1673009.duckdns.org:7812

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor

Targets

- Target
  
  RPDQOPKDGSA_PAYMENT_INVOICE.exe
- Size
  
  299.0MB
- MD5
  
  e19f652edb3ad5c5d322a9458f0bd57b
- SHA1
  
  3c21da297f2119d4312c5401981dc31fcbb4bf81
- SHA256
  
  30200a7b327e28ce7e846002f0cb8e63716fac612a8bf3c78d2abe568d9de9d9
- SHA512
  
  e82fc0d590c3017e478e0eb3c34a8c9af231dd8ddbb8d224b2445d1365e3743476bbaac4877ef0cef6484ad4310518a85d09a16ecc7e5483342fbddc0a5c05b8
Score

10^/10

bitrat suricata trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratsuricatatrojanupx

behavioral2

© 2018-2024

Terms | Privacy