bitrat | e9e3154e1f71df58e61ade53bb23726927b5c23e8027a452e98b1dbcfafb1ade | Triage

Submit
Reports

Overview

overview

Static

static

43_85_73.exe

windows7-x64

43_85_73.exe

windows10-2004-x64

Sharing

General

Target

43_85_7369_PDF.zip
Size

3.2MB
Sample

221024-wvax7saacp
MD5

60599a9bdc22afc4983c68c590cfa7e2
SHA1

4fad20e348922e30809c491963c8e69fd5eed0c0
SHA256

e9e3154e1f71df58e61ade53bb23726927b5c23e8027a452e98b1dbcfafb1ade
SHA512

8339f512e0abef4bf948efb150c55210c7995eb030c7bf9b143b2cd64452194efaa5fe414a47dddfa736fefdbe9bc04d972d321ec0666ff79bd7c721c753acdf
SSDEEP

98304:IrJZ9gZeS2QgTWy0mUcfJroRtNuaedPnGvldH:Ir9gMS2jTQmUOoRqdPnGtB

Score

10^/10

bitrat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

43_85_73.exe

Resource

win7-20220812-en

bitrat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

43_85_73.exe

Resource

win10v2004-20220901-en

bitrat trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitone9090.duckdns.org:9090

bit9090.duckdns.org:9090

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  43_85_73.EXE
- Size
  
  300.0MB
- MD5
  
  8f9d8cc6161e6f0fb40e39d8cc48b041
- SHA1
  
  0e97ec09f7e2c4657b088f2089f069c168668a91
- SHA256
  
  1c8b09e66801723b6f31af1635a5582cc4445e277bd97bc16890c32378b7264c
- SHA512
  
  e48eb929e215095684ca276410bb67f305248ba745443ec6c4eac0ed7704519f35ca7004b8e523533facb5f540a809d1dfbd99061591c44f5fe378d772dc14ef
- SSDEEP
  
  196608:sCffCUms3Tei8piR+ZPrUQUUUUUJUUUUUU:1CKSidEPQ
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy