bitrat | 2d3944cb25f2bf75d15aa54edc421c7ea48528a72369d0662dc6c87c257cebf6 | Triage

Submit
Reports

Overview

overview

Static

static

Dnmdyvchshdipt.exe

windows7-x64

Dnmdyvchshdipt.exe

windows10-2004-x64

Sharing

General

Target

Dnmdyvchshdipt.exe
Size

983KB
Sample

221010-s4rerscfcj
MD5

79be246f61875a5fe4ffd36501440e28
SHA1

ab7273e1e94550deb5704a34432f5abe14774899
SHA256

2d3944cb25f2bf75d15aa54edc421c7ea48528a72369d0662dc6c87c257cebf6
SHA512

696a1f3d8c47cfaa32d634fdad5874e3c1e3938f47700d52ded7c0c0a7a47ed6d96c1110e51236b8e2366d9df1bb687db83bce08ba420a4640a2a9be33323e5c
SSDEEP

12288:70zNX3tuamI3X8LxJGKWR1VUeVGekrQB+vx6j/7mHPCFtVSX3x7FRS8H/vYeTdEj:7OJ13X8vGKWxhGlrQkx8CHmtVSn52Ao

Score

10^/10

bitrat modiloader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Dnmdyvchshdipt.exe

Resource

win7-20220812-en

modiloader trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Dnmdyvchshdipt.exe

Resource

win10v2004-20220901-en

bitrat modiloader persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

su1d.nerdpol.ovh:2288

Attributes

communication_password
653d716345d8915046b904b90f41f271
tor_process
tor

Targets

- Target
  
  Dnmdyvchshdipt.exe
- Size
  
  983KB
- MD5
  
  79be246f61875a5fe4ffd36501440e28
- SHA1
  
  ab7273e1e94550deb5704a34432f5abe14774899
- SHA256
  
  2d3944cb25f2bf75d15aa54edc421c7ea48528a72369d0662dc6c87c257cebf6
- SHA512
  
  696a1f3d8c47cfaa32d634fdad5874e3c1e3938f47700d52ded7c0c0a7a47ed6d96c1110e51236b8e2366d9df1bb687db83bce08ba420a4640a2a9be33323e5c
- SSDEEP
  
  12288:70zNX3tuamI3X8LxJGKWR1VUeVGekrQB+vx6j/7mHPCFtVSX3x7FRS8H/vYeTdEj:7OJ13X8vGKWxhGlrQkx8CHmtVSn52Ao
Score

10^/10

modiloader trojan bitrat persistence upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Blocklisted process makes network request
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

bitratmodiloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy