bitrat | bf6a3ac0316f35f0e8663019709028b9d352c1bf10f8bed23807b40309f5ba60 | Triage

Submit
Reports

Overview

overview

Static

static

BILLPAYM.exe

windows7-x64

BILLPAYM.exe

windows10-2004-x64

Sharing

General

Target

Billpayment&Invoice.bin
Size

300.6MB
Sample

220909-vn5cssgff7
MD5

5374eb500738e45c6890a80967d780e2
SHA1

b3001e91dbb05c81590f96191a3da3c130e0bace
SHA256

bf6a3ac0316f35f0e8663019709028b9d352c1bf10f8bed23807b40309f5ba60
SHA512

1442c3f26fe20518c1898602734aac0c8196509009b5fb9d31461a1391078927c1eab870260f675d6b8105110e1147379d856858bd025e15d9fd2c09cca7e152
SSDEEP

24576:L+GQ7D8nXiNeGFPQKpFCjI/teJb2Q/eF2YlIECXRPbSVKcS2nOI3lqaNJJxEJYsO:L+GaeGtpFC8/mb9ejKulkPaNJo

Score

10^/10

bitrat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

BILLPAYM.exe

Resource

win7-20220812-en

bitrat trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

BILLPAYM.exe

Resource

win10v2004-20220812-en

bitrat trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

newbithere.duckdns.org:2005

Attributes

communication_password
827ccb0eea8a706c4c34a16891f84e7b
tor_process
tor

Targets

- Target
  
  BILLPAYM.EXE
- Size
  
  300.0MB
- MD5
  
  41d8a777ddc40a009a046f88900c0b80
- SHA1
  
  25dfd72ffe79eb5884d27fead86f4886bed638de
- SHA256
  
  e6844a84f9210b5803147c158c841404331177bf409dab05fecb3b3303d50347
- SHA512
  
  e75f3bfc85ed1def013474d61d5ee936ce36f499e0e111a7a1264180b7c7cc0b9a35469c35549e14c5efccc105db509aa5935152aab4e028b038e12b126f4514
- SSDEEP
  
  24576:R+GQ7D8nXiNeGFPQKpFCjI/teJb2Q/eF2YlIECXRPbSVKcS2nOI3lqaNJJxEJYsO:R+GaeGtpFC8/mb9ejKulkPaNJo
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy