bitrat | hxxps://www[.]grlabs[.]com[.]co/873_93_517_PDF[.]iso | Triage

Submit
Reports

Overview

overview

Static

static

URLScan

urlscan

1

https://www.grlabs.c...

windows7-x64

Sharing

General

Target

https://www.grlabs.com.co/873_93_517_PDF.iso
Sample

221026-jbcapsfahp

Score

10^/10

bitrat trojan upx

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://www.grlabs.com.co/873_93_517_PDF.iso

Resource

win7-20220812-en

bitrat trojan upx

windows7-x64

16 signatures

300 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitone9090.duckdns.org:9090

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  https://www.grlabs.com.co/873_93_517_PDF.iso
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

bitrattrojanupx

© 2018-2024

Terms | Privacy