bitrat | 21aa6e142f014f8fd321bbe918432144e682aa20e65629f29ccf482ea48a419d | Triage

Submit
Reports

Overview

overview

Static

static

9c91d69d00...91.exe

windows7_x64

1

9c91d69d00...91.exe

windows10-2004_x64

Sharing

General

Target

7709026134.zip
Size

28KB
Sample

220714-km8nqahhb7
MD5

0b5efc03a9847f86c30a1fc693be02d3
SHA1

88a574bd8dce79915dfdc7ae661d0744167f7c9d
SHA256

21aa6e142f014f8fd321bbe918432144e682aa20e65629f29ccf482ea48a419d
SHA512

962d617c38040e8bc249d65f4a02f803fdff4f850857eea842a58f723dc9f3aa3e323fedb46b3ac15b4d770c02103da79a6fe4f9a582cd5ce8bcdf07846301c9

Score

10^/10

bitrat persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

9c91d69d00012f20188fa70917be025e23facea44c9f70fad009acc08e497d91.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9c91d69d00012f20188fa70917be025e23facea44c9f70fad009acc08e497d91.exe

Resource

win10v2004-20220414-en

bitrat persistence trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

hneufvwouve.con-ip.com:1880

Attributes

communication_password
202cb962ac59075b964b07152d234b70
tor_process
tor

Targets

- Target
  
  9c91d69d00012f20188fa70917be025e23facea44c9f70fad009acc08e497d91
- Size
  
  57KB
- MD5
  
  1f8ab60652189ea6957eaf626cf0aedc
- SHA1
  
  74b68584a1f25710ae897f6d90ab4ad3cad4796f
- SHA256
  
  9c91d69d00012f20188fa70917be025e23facea44c9f70fad009acc08e497d91
- SHA512
  
  3a525c7e25ddc2afb62c9bd086f8fe2905761828dbd02ff7b68b0d78ca6a2e26631c6704dbe22d06d9e39b73422cfc8e7d1a94ca48e9846683c41dd08540b9e3
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy