bitrat | 5e1f9db033fe27d7a3d646459411c94db634c512844e9eeab40c1b635cac1588 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

5e1f9db033fe27d7a3d646459411c94db634c512844e9eeab40c1b635cac1588
Size

1.4MB
Sample

220727-1q5n8shhbn
MD5

d30ae9e3c1a66b23090622a255dfb918
SHA1

e55b120b9cc8cd726365a6360be96a00d8cad60e
SHA256

5e1f9db033fe27d7a3d646459411c94db634c512844e9eeab40c1b635cac1588
SHA512

499402535612aab28a032b432fb594db9636e313dcad28a9df8db3a88b3d3e70b5ddcf37a6c266dd5afbaafa85bdb85955b15feaae51e8863ee7ba56928db1d7

Score

10^/10

bitrat xenarmor collection password recovery spyware stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5e1f9db033fe27d7a3d646459411c94db634c512844e9eeab40c1b635cac1588.exe

Resource

win10-20220718-en

bitrat xenarmor collection password recovery spyware stealer trojan upx

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

103.133.105.50:1234

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  5e1f9db033fe27d7a3d646459411c94db634c512844e9eeab40c1b635cac1588
- Size
  
  1.4MB
- MD5
  
  d30ae9e3c1a66b23090622a255dfb918
- SHA1
  
  e55b120b9cc8cd726365a6360be96a00d8cad60e
- SHA256
  
  5e1f9db033fe27d7a3d646459411c94db634c512844e9eeab40c1b635cac1588
- SHA512
  
  499402535612aab28a032b432fb594db9636e313dcad28a9df8db3a88b3d3e70b5ddcf37a6c266dd5afbaafa85bdb85955b15feaae51e8863ee7ba56928db1d7
Score

10^/10

bitrat xenarmor collection password recovery spyware stealer trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- XenArmor Suite
  XenArmor is as suite of password recovery tools for various application.
  recovery password xenarmor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratxenarmorcollectionpasswordrecoveryspywarestealertrojanupx

© 2018-2024

Terms | Privacy