bitrat | 13147866e478e4791cf9db0cbd9ba1ccd7a3e663b97519260c3e447ff5856767 | Triage

Submit
Reports

Overview

overview

Static

static

13147866E4...51.exe

windows7-x64

13147866E4...51.exe

windows10-2004-x64

Sharing

General

Target

13147866E478E4791CF9DB0CBD9BA1CCD7A3E663B9751.exe
Size

4.4MB
Sample

221023-c3kylafhd7
MD5

12415c8e03124f0d85a7e4c097558e94
SHA1

fa6d040053b330721d55a76167e95c57d8743043
SHA256

13147866e478e4791cf9db0cbd9ba1ccd7a3e663b97519260c3e447ff5856767
SHA512

7cff2269966f927a171d0772d65625ef8e8f38d8b4b171f1f440da330cb8fcc0f914b2688bf55942e14a095a36a3d80b07c1657a71f37e18f93e7f1846454800
SSDEEP

98304:GqM/BK8dmK4KB+vLMpKsUowZsVVtBJko8zkauEmgDyFhp1/G9t2+CgguMFNnYubB:GqMJKwF4tkKsUoGErmHHxDynHU2RuYxT

Score

10^/10

bitrat persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

13147866E478E4791CF9DB0CBD9BA1CCD7A3E663B9751.exe

Resource

win7-20220901-en

bitrat persistence trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

13147866E478E4791CF9DB0CBD9BA1CCD7A3E663B9751.exe

Resource

win10v2004-20220812-en

bitrat persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

fvdvdcscvf.con-ip.com:1880

Attributes

communication_password
202cb962ac59075b964b07152d234b70
tor_process
tor

Targets

- Target
  
  13147866E478E4791CF9DB0CBD9BA1CCD7A3E663B9751.exe
- Size
  
  4.4MB
- MD5
  
  12415c8e03124f0d85a7e4c097558e94
- SHA1
  
  fa6d040053b330721d55a76167e95c57d8743043
- SHA256
  
  13147866e478e4791cf9db0cbd9ba1ccd7a3e663b97519260c3e447ff5856767
- SHA512
  
  7cff2269966f927a171d0772d65625ef8e8f38d8b4b171f1f440da330cb8fcc0f914b2688bf55942e14a095a36a3d80b07c1657a71f37e18f93e7f1846454800
- SSDEEP
  
  98304:GqM/BK8dmK4KB+vLMpKsUowZsVVtBJko8zkauEmgDyFhp1/G9t2+CgguMFNnYubB:GqMJKwF4tkKsUoGErmHHxDynHU2RuYxT
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy