General

  • Target

    91eae4dde94e8192a5050abda781916bc08e16c52595a2e97d3b0000ae64a655

  • Size

    1.5MB

  • Sample

    220817-jfld6sfeb5

  • MD5

    45a7d174e1fee169316107638d633985

  • SHA1

    0f6bb823d193e4ab8b3ac4facb9c55a0654927f2

  • SHA256

    91eae4dde94e8192a5050abda781916bc08e16c52595a2e97d3b0000ae64a655

  • SHA512

    ac3253f8c40bf7cff08dfda0d01e826ffdb5dcc958aa545e4fc0309b115a533f4b69a00329273516cb6a79eee6d503b56236f9c3d6f5635d626dcd283095c028

  • SSDEEP

    24576:XD+M4PdJSqshQrYiD8x8OOAvPNME+cuZd2ZA6eisc/AFIsByBWz:ebSq+p85B9d2XAypBS

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor
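
An added triage script for the indicators and extracted config above (example code, not from the sandbox vendor or the malware author). It validates the hash fields, splits the C2 string into host and port and flags the dynamic-DNS provider, checks the MD5-shaped communication_password against a tiny constructed wordlist, and hunts for the C2 in a few constructed DNS and proxy log lines. The dynamic-DNS suffix list, the wordlist and the log lines are assumptions made for illustration; only the hashes and config values come from the report.

```python
"""Triage helpers for the BitRAT report above: validate the hashes, decompose the C2,
test the communication_password against a wordlist, and hunt for the C2 in logs.
Added example; not code from the sandbox vendor or the malware author."""
import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the report.
REPORT = {
    "md5": "45a7d174e1fee169316107638d633985",
    "sha1": "0f6bb823d193e4ab8b3ac4facb9c55a0654927f2",
    "sha256": "91eae4dde94e8192a5050abda781916bc08e16c52595a2e97d3b0000ae64a655",
    "c2": "bitrat9300.duckdns.org:9300",
    "communication_password": "e10adc3949ba59abbe56e057f20f883e",
}

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Dynamic-DNS suffixes to flag (assumed list for illustration, not from the report).
DYNAMIC_DNS_SUFFIXES = ("duckdns.org", "no-ip.org", "ddns.net", "hopto.org")

# Constructed mini wordlist; a real check would use a full list such as rockyou.
COMMON_PASSWORDS = ("password", "123456", "12345678", "admin", "qwerty")


def validate_hashes(indicators: dict) -> list:
    """Names of hash fields that are not lowercase hex of the expected digest length."""
    bad = []
    for name, length in HASH_LENGTHS.items():
        value = indicators.get(name)
        if value is not None and not re.fullmatch(r"[0-9a-f]{%d}" % length, value):
            bad.append(name)
    return bad


@dataclass(frozen=True)
class C2:
    host: str
    port: int
    dynamic_dns: bool


def parse_c2(c2: str) -> C2:
    """Split 'host:port' and flag hosts under a dynamic-DNS provider."""
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 string: {c2!r}")
    host = host.lower()
    dyn = any(host == s or host.endswith("." + s) for s in DYNAMIC_DNS_SUFFIXES)
    return C2(host=host, port=int(port), dynamic_dns=dyn)


def recover_password(md5_hex: str, wordlist=COMMON_PASSWORDS):
    """The extracted communication_password is a 32-hex-char value, i.e. MD5-shaped;
    compare it with the MD5 of each wordlist entry and return the plaintext on a hit."""
    for candidate in wordlist:
        if hashlib.md5(candidate.encode()).hexdigest() == md5_hex.lower():
            return candidate
    return None


def find_c2_hits(log_lines, c2: C2) -> list:
    """Return log lines that resolve the C2 host or connect to its host:port.
    Matches whole tokens so 'notbitrat9300.duckdns.org' is not a hit."""
    host = re.escape(c2.host)
    pattern = re.compile(rf"(?<![\w.-]){host}(?![\w-])(:{c2.port})?", re.IGNORECASE)
    return [line for line in log_lines if pattern.search(line)]


# Constructed sample log lines (not from the report) for the hunt.
SAMPLE_LOGS = [
    "2022-08-17T09:31:02Z dns query A bitrat9300.duckdns.org from 10.0.0.23",
    "2022-08-17T09:31:03Z proxy CONNECT bitrat9300.duckdns.org:9300 client=10.0.0.23",
    "2022-08-17T09:31:10Z dns query A updates.example.com from 10.0.0.23",
    "2022-08-17T09:32:00Z dns query A notbitrat9300.duckdns.org from 10.0.0.24",
]


def triage(report=REPORT, logs=SAMPLE_LOGS) -> dict:
    """Run every check and collect the results in one dictionary."""
    c2 = parse_c2(report["c2"])
    return {
        "bad_hashes": validate_hashes(report),
        "c2": c2,
        "password": recover_password(report["communication_password"]),
        "hits": find_c2_hits(logs, c2),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, "=", value)
```

The password check is worth running on every BitRAT config you extract: the communication_password is what the implant uses to authenticate to its server, and a hit on a short wordlist tells you the operator used a default or trivial value. The log hunt anchors the host on token boundaries so that look-alike hostnames do not produce false positives.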

Targets

    • Target

      91eae4dde94e8192a5050abda781916bc08e16c52595a2e97d3b0000ae64a655

    • Size

      1.5MB

    • MD5

      45a7d174e1fee169316107638d633985

    • SHA1

      0f6bb823d193e4ab8b3ac4facb9c55a0654927f2

    • SHA256

      91eae4dde94e8192a5050abda781916bc08e16c52595a2e97d3b0000ae64a655

    • SHA512

      ac3253f8c40bf7cff08dfda0d01e826ffdb5dcc958aa545e4fc0309b115a533f4b69a00329273516cb6a79eee6d503b56236f9c3d6f5635d626dcd283095c028

    • SSDEEP

      24576:XD+M4PdJSqshQrYiD8x8OOAvPNME+cuZd2ZA6eisc/AFIsByBWz:ebSq+p85B9d2XAypBS

    Score
    10/10
    • BitRAT

      BitRAT is a remote access tool written in C++ that reuses leaked source code from other malware families.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tactic                Technique                     Count  ID
Execution             Scheduled Task                1      T1053
Persistence           Scheduled Task                1      T1053
Privilege Escalation  Scheduled Task                1      T1053
Discovery             Query Registry                1      T1012
Discovery             System Information Discovery  2      T1082

Tasks