bitrat

General

Target

8a325dde02cad3ca42c87d9165479fc4.exe
Size

4.5MB
Sample

220929-mg3xdsbeck
MD5

8a325dde02cad3ca42c87d9165479fc4
SHA1

168ade6695c2ab546d750cb9a7a8026f239b016d
SHA256

4691e86098f4a2fe6ed76c46dc7584ae25d9396b06427a47a00ce1156d38f12b
SHA512

cef03ddb55d77676ffb17a4e6b2650e2be5cd1fd152f0f6baa7c83d97da95a1222c0677d13720659ab4df045ff0098bdca7cb1dd3300ee76f26df641d960da8f
SSDEEP

98304:IW7B8cRkSx2gl6VU0dTlxmgURaFhjEKI0UnUB7bN2:IM8O2X9dJ4gUQXnIdyb

Score

10^/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

103.125.190.185:1234

Attributes

communication_password
827ccb0eea8a706c4c34a16891f84e7b
tor_process
tor

Targets

- Target
  
  8a325dde02cad3ca42c87d9165479fc4.exe
- Size
  
  4.5MB
- MD5
  
  8a325dde02cad3ca42c87d9165479fc4
- SHA1
  
  168ade6695c2ab546d750cb9a7a8026f239b016d
- SHA256
  
  4691e86098f4a2fe6ed76c46dc7584ae25d9396b06427a47a00ce1156d38f12b
- SHA512
  
  cef03ddb55d77676ffb17a4e6b2650e2be5cd1fd152f0f6baa7c83d97da95a1222c0677d13720659ab4df045ff0098bdca7cb1dd3300ee76f26df641d960da8f
- SSDEEP
  
  98304:IW7B8cRkSx2gl6VU0dTlxmgURaFhjEKI0UnUB7bN2:IM8O2X9dJ4gUQXnIdyb
Score

10^/10

bitrat xenarmor collection password recovery spyware stealer trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- XenArmor Suite
  XenArmor is as suite of password recovery tools for various application.
  recovery password xenarmor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

4

T1081

Discovery

Lateral Movement

Collection

Data from Local System

4

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

XenArmor Suite

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

UPX packed file

Loads dropped DLL

Reads data files stored by FTP clients

Reads local data of messenger clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook accounts

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2