bitrat | 02bc924059ec19c7f3bb1408e433fe80d91a04493da88a8b45ecba52d9682c1b | Triage

Submit
Reports

Overview

overview

Static

static

IMG DE ACT...1..exe

windows7-x64

9

IMG DE ACT...1..exe

windows10-2004-x64

Sharing

General

Target

IMG DE ACTA 50801..exe
Size

1.0MB
Sample

220928-kfglnagedr
MD5

6aa0f1a582244471edc1a027a5db7662
SHA1

79919ce6b90bb8c530e3f95877854fd7309a34c4
SHA256

02bc924059ec19c7f3bb1408e433fe80d91a04493da88a8b45ecba52d9682c1b
SHA512

713f78d5d14ef39db13bdca4a5fd9f18ed6cfe3f2d8314a61a1da1efb3b5be1c49bb982e3d14ab4b6d614a3f7969e07b4c7c3f89bb2f0ef4457482bdcdc4cdd6
SSDEEP

24576:4s2yKssWL8vNZ6f7EQnchkwoJ9BxN5FPoPIbADlwAPOGf:4s2yKssWeNZEcgJzxN5SAbKlFPf

Score

10^/10

bitrat discovery persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

IMG DE ACTA 50801..exe

Resource

win7-20220901-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

IMG DE ACTA 50801..exe

Resource

win10v2004-20220812-en

bitrat persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bendiciones2.con-ip.com:7777

Attributes

communication_password
202cb962ac59075b964b07152d234b70
tor_process
tor

Targets

- Target
  
  IMG DE ACTA 50801..exe
- Size
  
  1.0MB
- MD5
  
  6aa0f1a582244471edc1a027a5db7662
- SHA1
  
  79919ce6b90bb8c530e3f95877854fd7309a34c4
- SHA256
  
  02bc924059ec19c7f3bb1408e433fe80d91a04493da88a8b45ecba52d9682c1b
- SHA512
  
  713f78d5d14ef39db13bdca4a5fd9f18ed6cfe3f2d8314a61a1da1efb3b5be1c49bb982e3d14ab4b6d614a3f7969e07b4c7c3f89bb2f0ef4457482bdcdc4cdd6
- SSDEEP
  
  24576:4s2yKssWL8vNZ6f7EQnchkwoJ9BxN5FPoPIbADlwAPOGf:4s2yKssWeNZEcgJzxN5SAbKlFPf
Score

10^/10

discovery bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy