bitrat | 6ed2e7b85f9591e922a95dbc167e5ed3ca2da2d3b823ed14aadc3eecdbddd5f0 | Triage

Submit
Reports

Overview

overview

Static

static

873_93_517_PDF.exe

windows7-x64

873_93_517_PDF.exe

windows10-2004-x64

Sharing

General

Target

873_93_517_PDF.exe
Size

23KB
Sample

221026-jnjkjsfbbn
MD5

bf1cd9a3b9f4e67ccfd3a2a1e2942c0c
SHA1

fb5249b0a315531d94bf4e73d2b9902b8a39e63f
SHA256

6ed2e7b85f9591e922a95dbc167e5ed3ca2da2d3b823ed14aadc3eecdbddd5f0
SHA512

5e219a2d85b36080a49079a97eb6aa4c5a4dc3290f0ed3e67134824b622d29fe72c3e58f8a2c6c41471d7c198250a29c101a6792eba628483a0052bfdf074cc7
SSDEEP

384:+2HMdudOHoRir1G/gJ6jX4hy7cySdI5P9mei8MwU/iUx8VWDCvqhms3h2wappTut:+20v/xDDuwkuedmdVKBDhpA3T+RPvjG

Score

10^/10

bitrat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

873_93_517_PDF.exe

Resource

win7-20220812-en

bitrat trojan upx

windows7-x64

14 signatures

300 seconds

Behavioral task

behavioral2

Sample

873_93_517_PDF.exe

Resource

win10v2004-20220812-en

bitrat trojan upx

windows10-2004-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitone9090.duckdns.org:9090

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  873_93_517_PDF.exe
- Size
  
  23KB
- MD5
  
  bf1cd9a3b9f4e67ccfd3a2a1e2942c0c
- SHA1
  
  fb5249b0a315531d94bf4e73d2b9902b8a39e63f
- SHA256
  
  6ed2e7b85f9591e922a95dbc167e5ed3ca2da2d3b823ed14aadc3eecdbddd5f0
- SHA512
  
  5e219a2d85b36080a49079a97eb6aa4c5a4dc3290f0ed3e67134824b622d29fe72c3e58f8a2c6c41471d7c198250a29c101a6792eba628483a0052bfdf074cc7
- SSDEEP
  
  384:+2HMdudOHoRir1G/gJ6jX4hy7cySdI5P9mei8MwU/iUx8VWDCvqhms3h2wappTut:+20v/xDDuwkuedmdVKBDhpA3T+RPvjG
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy