bitrat | 69dffcfefd0fc853db57ede9a3a374b11159778df89922af24de678d794901ba | Triage

Submit
Reports

Overview

overview

Static

static

DOCUMENTO ...00.exe

windows7-x64

DOCUMENTO ...00.exe

windows10-2004-x64

Sharing

General

Target

DOCUMENTO DE SENTENCIA DE FALLO 190014003003-2022-00299-00.exe
Size

4.2MB
Sample

220904-jnzxjacdbr
MD5

5c1b6de769b658c8383f82da13b12176
SHA1

83fb46538bf04529dc36c71ec21a9e200f15e20b
SHA256

69dffcfefd0fc853db57ede9a3a374b11159778df89922af24de678d794901ba
SHA512

bf0a5158cb9d664afcb66e427082cba3d4a7a949a8474092ca50cdd3320096c712c4a73331528bf8e502ff9d227f52dd9acd2f6d3156e73a1199e6c247351251
SSDEEP

98304:a+L6n3g4AP3GMJhq/wsaZ5w2Sa6TLgF6gGsfksF:dL8Q5SZBXaSgF6g0C

Score

10^/10

bitrat persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

DOCUMENTO DE SENTENCIA DE FALLO 190014003003-2022-00299-00.exe

Resource

win7-20220812-en

bitrat persistence trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

DOCUMENTO DE SENTENCIA DE FALLO 190014003003-2022-00299-00.exe

Resource

win10v2004-20220812-en

bitrat persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

ncjnifhuifd.con-ip.com:1880

Attributes

communication_password
202cb962ac59075b964b07152d234b70
tor_process
tor

Targets

- Target
  
  DOCUMENTO DE SENTENCIA DE FALLO 190014003003-2022-00299-00.exe
- Size
  
  4.2MB
- MD5
  
  5c1b6de769b658c8383f82da13b12176
- SHA1
  
  83fb46538bf04529dc36c71ec21a9e200f15e20b
- SHA256
  
  69dffcfefd0fc853db57ede9a3a374b11159778df89922af24de678d794901ba
- SHA512
  
  bf0a5158cb9d664afcb66e427082cba3d4a7a949a8474092ca50cdd3320096c712c4a73331528bf8e502ff9d227f52dd9acd2f6d3156e73a1199e6c247351251
- SSDEEP
  
  98304:a+L6n3g4AP3GMJhq/wsaZ5w2Sa6TLgF6gGsfksF:dL8Q5SZBXaSgF6g0C
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy