bitrat | 772f6645c35033bb27c15d96b3c9fc58bc7feca6b06e5a0479157b75987e2214 | Triage

Submit
Reports

Overview

overview

Static

static

141.98.6.6...94.exe

windows7-x64

141.98.6.6...94.exe

windows10-2004-x64

Sharing

General

Target

141.98.6.67_-_bit.exe___c8fa9d8cf4ff8780466a34d8d5d43594.dat
Size

1.4MB
Sample

220728-1t3n2scber
MD5

c8fa9d8cf4ff8780466a34d8d5d43594
SHA1

1902971da5e39dccc308207ab77a7e1c987c31cd
SHA256

772f6645c35033bb27c15d96b3c9fc58bc7feca6b06e5a0479157b75987e2214
SHA512

9a87c3fc220fdc6f959fb9a5bfe6b526a003a4d1fd473581ba3d044bdf4cb3fffe531a5b56b87ea243a787da80a10372ff932457f069dd174be9654681f44c03

Score

10^/10

bitrat persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

141.98.6.67_-_bit.exe___c8fa9d8cf4ff8780466a34d8d5d43594.exe

Resource

win7-20220718-en

bitrat persistence trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

141.98.6.67_-_bit.exe___c8fa9d8cf4ff8780466a34d8d5d43594.exe

Resource

win10v2004-20220721-en

bitrat persistence trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

nicehash.at:6000

Attributes

communication_password
74963e9852aafd36ba521fa22b39e244
install_dir
localappdata
install_file
Java.exe
tor_process
tor

Targets

- Target
  
  141.98.6.67_-_bit.exe___c8fa9d8cf4ff8780466a34d8d5d43594.dat
- Size
  
  1.4MB
- MD5
  
  c8fa9d8cf4ff8780466a34d8d5d43594
- SHA1
  
  1902971da5e39dccc308207ab77a7e1c987c31cd
- SHA256
  
  772f6645c35033bb27c15d96b3c9fc58bc7feca6b06e5a0479157b75987e2214
- SHA512
  
  9a87c3fc220fdc6f959fb9a5bfe6b526a003a4d1fd473581ba3d044bdf4cb3fffe531a5b56b87ea243a787da80a10372ff932457f069dd174be9654681f44c03
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy