bitrat

General

Target

DECLARACION IMPUESTO DE INDUSTRIA Y COMERCIO.exe
Size

9KB
Sample

220727-jcas9sbehr
MD5

447d4c3850ccc16ad6c0ce0b6e482b78
SHA1

272a0041f0db7fa8e46de1c5feb3c2ca2c50d1e5
SHA256

e3ce6f94c4f7ac9a3e5a65a6f4a75e7ad1805c67a4ac5a94a79b336e5d8d7163
SHA512

067380e3dd70a8b810b14d56a8e6b92b6823741b22711717c187c17c3b522112f5d982d27b98a7d55898c1bea82faca23c7d15a846476536a9e3d3de4b00f2d8

Score

10^/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

fhethdfhfdh.duckdns.org:1882

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor

Targets

- Target
  
  DECLARACION IMPUESTO DE INDUSTRIA Y COMERCIO.exe
- Size
  
  9KB
- MD5
  
  447d4c3850ccc16ad6c0ce0b6e482b78
- SHA1
  
  272a0041f0db7fa8e46de1c5feb3c2ca2c50d1e5
- SHA256
  
  e3ce6f94c4f7ac9a3e5a65a6f4a75e7ad1805c67a4ac5a94a79b336e5d8d7163
- SHA512
  
  067380e3dd70a8b810b14d56a8e6b92b6823741b22711717c187c17c3b522112f5d982d27b98a7d55898c1bea82faca23c7d15a846476536a9e3d3de4b00f2d8
Score

10^/10

bitrat purecrypter loader persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Detect PureCrypter loader
  loader
- PureCrypter
  PureCrypter is a loader which is intended for downloading and executing additional payloads.
  trojan loader purecrypter
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect PureCrypter loader

PureCrypter

UPX packed file

Checks computer location settings

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2