bitrat | 9d5e19acb918040dcf79ccff74833262fb19f5460f51587d265210374f6f1884 | Triage

Submit
Reports

Overview

overview

Static

static

NAMUJS_ETR...PT.exe

windows7-x64

NAMUJS_ETR...PT.exe

windows10-2004-x64

Sharing

General

Target

7-7811296177.zip
Size

1.8MB
Sample

221003-tqyscsedd3
MD5

5522f833e5da6b360835d4c7860aae34
SHA1

ecca053e1ed9b344b851c544736abb66caec7501
SHA256

9d5e19acb918040dcf79ccff74833262fb19f5460f51587d265210374f6f1884
SHA512

339e3cce5f1af5a294c3a0774532c3e6a7c456320d1b0c9297247160138827de5b1bd17cb593f5780502fe1f65edf6d1119626481506283d37c660e9979e79e1
SSDEEP

49152:L8+RwDlNHUlXUmXObzoQhAwAQ+HpcBLPwYyjWe25h:w+UiEiEKwIS5Iva

Score

10^/10

bitrat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

NAMUJS_ETRANSFER_RECEIPT.exe

Resource

win7-20220812-en

bitrat trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

NAMUJS_ETRANSFER_RECEIPT.exe

Resource

win10v2004-20220812-en

bitrat trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat9300.duckdns.org:9300

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  NAMUJS_ETRANSFER_RECEIPT.exe
- Size
  
  300.0MB
- MD5
  
  aa16895db009a8b646bb9c51f9b51c58
- SHA1
  
  014b372bc0620fb1173679abb7c189d0464ce208
- SHA256
  
  72656944adc7c9dabbc263d8a1c7f79ff6d0b6a3b06a11f88b741977c5e4f751
- SHA512
  
  4411e718c124059044ab7fbe54f3fefa76c9d5cd2263c4214c70a498d681f87f2804aef0e8c94b630fadf9470d5e804702349ab21fafa512a368d90424d8e29b
- SSDEEP
  
  24576:GzEo/IReVjVaXcqqza/KkJVWpcpr8lCGyi2FBGbZLipIjJ7Fb5DIoN3EtO:GziCYXKzyKkJM8r8lXyEGpIjJ73jtEt
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy