bitrat | db222538ebb97c259d49917f7fdb5f7b38470fe96c38f190d0a2d79bcab1fb7a | Triage

Submit
Reports

Overview

overview

Static

static

827615424_...ed.exe

windows7-x64

827615424_...ed.exe

windows10-2004-x64

Sharing

General

Target

827615424_PDF_parsed.exe
Size

1.5MB
Sample

221027-w6nnfadac9
MD5

cd33f6e84ebfe15dab41be1319122907
SHA1

bff44bfcd5d534a2ce2ea8cab944391e7f55abc1
SHA256

db222538ebb97c259d49917f7fdb5f7b38470fe96c38f190d0a2d79bcab1fb7a
SHA512

6e664b00d9b7afb44e5559b7b152a742979c2a132857aa7eb94edb0ff22c75ad193c7eb5bb7dfb8071a79d480985c9b2b16550504632d9086814c10d02168a6b
SSDEEP

49152:Vnm4UcmDYIbFaTI39LMK44bFh1DgtJaJk4UUUUUJUUUUUU:x6blbku9Le4bFhuO1UUUUUJUUUUUU

Score

10^/10

bitrat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

827615424_PDF_parsed.exe

Resource

win7-20220901-en

bitrat trojan upx

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

827615424_PDF_parsed.exe

Resource

win10v2004-20220812-en

bitrat trojan upx

windows10-2004-x64

11 signatures

300 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitone9090.duckdns.org:9090

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  827615424_PDF_parsed.exe
- Size
  
  1.5MB
- MD5
  
  cd33f6e84ebfe15dab41be1319122907
- SHA1
  
  bff44bfcd5d534a2ce2ea8cab944391e7f55abc1
- SHA256
  
  db222538ebb97c259d49917f7fdb5f7b38470fe96c38f190d0a2d79bcab1fb7a
- SHA512
  
  6e664b00d9b7afb44e5559b7b152a742979c2a132857aa7eb94edb0ff22c75ad193c7eb5bb7dfb8071a79d480985c9b2b16550504632d9086814c10d02168a6b
- SSDEEP
  
  49152:Vnm4UcmDYIbFaTI39LMK44bFh1DgtJaJk4UUUUUJUUUUUU:x6blbku9Le4bFhuO1UUUUUJUUUUUU
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy