bitrat | 8198d59461dfb08d7a350333d1459231543c6a29e8db7c31fd14850868a75a38 | Triage

Submit
Reports

Overview

overview

Static

static

NAMUJS_ETR...PT.exe

windows7-x64

NAMUJS_ETR...PT.exe

windows10-2004-x64

Sharing

General

Target

4-8198d59461dfb08d7a350333d1459231543c6a29e8db7c31fd14850868a75a38
Size

300.6MB
Sample

221003-s4xlsadbh4
MD5

9589b37034846688cf65653486bcd897
SHA1

6065a4703cd749c5196bdfa8a7d79732e3a11368
SHA256

8198d59461dfb08d7a350333d1459231543c6a29e8db7c31fd14850868a75a38
SHA512

d58310560d0792e768ba2615524cf7bb3c79421a70e07d6c08313b5fb361fdba62c8e39b445fa38d3db2006c9530608afa3930a5109fc291fd90e62e104819dd
SSDEEP

24576:qzEo/IReVjVaXcqqza/KkJVWpcpr8lCGyi2FBGbZLipIjJ7Fb5DIoN3EtO:qziCYXKzyKkJM8r8lXyEGpIjJ73jtEt

Score

10^/10

bitrat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

NAMUJS_ETRANSFER_RECEIPT.exe

Resource

win7-20220901-en

bitrat trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

NAMUJS_ETRANSFER_RECEIPT.exe

Resource

win10v2004-20220812-en

bitrat trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  NAMUJS_ETRANSFER_RECEIPT.exe
- Size
  
  300.0MB
- MD5
  
  aa16895db009a8b646bb9c51f9b51c58
- SHA1
  
  014b372bc0620fb1173679abb7c189d0464ce208
- SHA256
  
  72656944adc7c9dabbc263d8a1c7f79ff6d0b6a3b06a11f88b741977c5e4f751
- SHA512
  
  4411e718c124059044ab7fbe54f3fefa76c9d5cd2263c4214c70a498d681f87f2804aef0e8c94b630fadf9470d5e804702349ab21fafa512a368d90424d8e29b
- SSDEEP
  
  24576:GzEo/IReVjVaXcqqza/KkJVWpcpr8lCGyi2FBGbZLipIjJ7Fb5DIoN3EtO:GziCYXKzyKkJM8r8lXyEGpIjJ73jtEt
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy