bitrat | 33ebe7e430fa3fff37659157265de962dbc323adfac47489ab339855e60c13f6 | Triage

Submit
Reports

Overview

overview

Static

static

BILLPAYM.exe

windows10-2004-x64

Resubmissions

09-09-2022 18:33

220909-w7e3pagha5 10

09-09-2022 18:17

220909-wxb82scehp 10

Sharing

General

Target

Billpayment&Invoice.zip
Size

1.8MB
Sample

220909-w7e3pagha5
MD5

ab7506b62ed569791fb253b4ef011f84
SHA1

0da07692a41cd99b033d0f3e97380300693cf0d6
SHA256

33ebe7e430fa3fff37659157265de962dbc323adfac47489ab339855e60c13f6
SHA512

0cda8bc0a7a44e32c7dd7a0ece4c6847d42f58d46cb0d3044c816c7f151fe4c97aa98374512cab31a9e1fa178ccf47efb7ca200658398ec5db0aab5c2980e84f
SSDEEP

24576:X97danxi1e2FdQKpbajItbAR1gQ/CF8YlSaCHTPbApkcUmv6S2IzNq65JJ/DLYwQ:re2Xpba8tw1fCzIArQS2h65HDhQ

Score

10^/10

bitrat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

BILLPAYM.exe

Resource

win10v2004-20220812-en

bitrat trojan upx

windows10-2004-x64

11 signatures

1800 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

newbithere.duckdns.org:2005

Attributes

communication_password
827ccb0eea8a706c4c34a16891f84e7b
tor_process
tor

Targets

- Target
  
  BILLPAYM.EXE
- Size
  
  300.0MB
- MD5
  
  41d8a777ddc40a009a046f88900c0b80
- SHA1
  
  25dfd72ffe79eb5884d27fead86f4886bed638de
- SHA256
  
  e6844a84f9210b5803147c158c841404331177bf409dab05fecb3b3303d50347
- SHA512
  
  e75f3bfc85ed1def013474d61d5ee936ce36f499e0e111a7a1264180b7c7cc0b9a35469c35549e14c5efccc105db509aa5935152aab4e028b038e12b126f4514
- SSDEEP
  
  24576:R+GQ7D8nXiNeGFPQKpFCjI/teJb2Q/eF2YlIECXRPbSVKcS2nOI3lqaNJJxEJYsO:R+GaeGtpFC8/mb9ejKulkPaNJo
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitrattrojanupx

© 2018-2024

Terms | Privacy