bitrat | 9a94526af5d19bcf180fce60337990aa2ca9faae1e6e2c913904e5f66f1c0bca | Triage

Submit
Reports

Overview

overview

Static

static

MAOISKUDTHHDBENR.exe

windows7-x64

MAOISKUDTHHDBENR.exe

windows10-2004-x64

8

Sharing

General

Target

MAOISKUDTHHDBENR.exe
Size

300.0MB
Sample

220818-pj7z8shdb3
MD5

75982f6745193533c0794af8942c23fd
SHA1

1883c8aa732a0f3b280edb3d3426b8dfcd5bdb09
SHA256

9a94526af5d19bcf180fce60337990aa2ca9faae1e6e2c913904e5f66f1c0bca
SHA512

c9de7e051e14f40a93e620eca74d964d4ac13bafdab3e9aa14ae302a3f524343dfb1524bde53a062f38c2edc2e9d61fe423aabf6672fddcd546495a81a9a3534
SSDEEP

24576:1Gd7RSc5cdsfIiYNlpwu96NLCfRGEwBB9Wfqlob9YJU8BGHS+vEe11beR0M:47x501N8u94LCaPMfsopYJm7g0

Score

10^/10

bitrat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

MAOISKUDTHHDBENR.exe

Resource

win7-20220812-en

bitrat trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

MAOISKUDTHHDBENR.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  MAOISKUDTHHDBENR.exe
- Size
  
  300.0MB
- MD5
  
  75982f6745193533c0794af8942c23fd
- SHA1
  
  1883c8aa732a0f3b280edb3d3426b8dfcd5bdb09
- SHA256
  
  9a94526af5d19bcf180fce60337990aa2ca9faae1e6e2c913904e5f66f1c0bca
- SHA512
  
  c9de7e051e14f40a93e620eca74d964d4ac13bafdab3e9aa14ae302a3f524343dfb1524bde53a062f38c2edc2e9d61fe423aabf6672fddcd546495a81a9a3534
- SSDEEP
  
  24576:1Gd7RSc5cdsfIiYNlpwu96NLCfRGEwBB9Wfqlob9YJU8BGHS+vEe11beR0M:47x501N8u94LCaPMfsopYJm7g0
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

© 2018-2024

Terms | Privacy