bitrat

General

Target

7c0096de5c0980d402291ce8d29de4a5.exe
Size

4.4MB
Sample

220929-mfyw2sadh4
MD5

7c0096de5c0980d402291ce8d29de4a5
SHA1

a7dc912b7d74e300a2a3985a9b910031bc86c31d
SHA256

5e1ea26f5575e26857b209695de82207a04de0b0dc06f3645f776cc628440c46
SHA512

f4ca6efe60f745a61ab0e318e75c69d149b08ab9765ae2a8f7b2c2cfe7f43a5cac989cc150968df0da9732d2ce3eb7261f4b2a5ceb4678501d4069e22bd6f7f6
SSDEEP

98304:1p/pzzUR6L0skzfu28Lm2QN3SJX7zojSHxWcfSAsJCTRmYrX:Pxfi6+DujLm2hJ78jSkTcTAYr

Score

10^/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

103.125.190.185:1234

Attributes

communication_password
827ccb0eea8a706c4c34a16891f84e7b
tor_process
tor

Targets

- Target
  
  7c0096de5c0980d402291ce8d29de4a5.exe
- Size
  
  4.4MB
- MD5
  
  7c0096de5c0980d402291ce8d29de4a5
- SHA1
  
  a7dc912b7d74e300a2a3985a9b910031bc86c31d
- SHA256
  
  5e1ea26f5575e26857b209695de82207a04de0b0dc06f3645f776cc628440c46
- SHA512
  
  f4ca6efe60f745a61ab0e318e75c69d149b08ab9765ae2a8f7b2c2cfe7f43a5cac989cc150968df0da9732d2ce3eb7261f4b2a5ceb4678501d4069e22bd6f7f6
- SSDEEP
  
  98304:1p/pzzUR6L0skzfu28Lm2QN3SJX7zojSHxWcfSAsJCTRmYrX:Pxfi6+DujLm2hJ78jSkTcTAYr
Score

10^/10

bitrat trojan xenarmor collection password recovery spyware stealer upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- XenArmor Suite
  XenArmor is as suite of password recovery tools for various application.
  recovery password xenarmor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

4

T1081

Discovery

Lateral Movement

Collection

Data from Local System

4

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

XenArmor Suite

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

UPX packed file

Loads dropped DLL

Reads data files stored by FTP clients

Reads local data of messenger clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook accounts

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2