bitrat | eb09c48f045d418e00024488257c191305796969d0a2bcd99f84ce5d5e79cc7e | Triage

Submit
Reports

Overview

overview

Static

static

1f3b0c2_comppdf.exe

windows7-x64

1f3b0c2_comppdf.exe

windows10-2004-x64

Sharing

General

Target

8266357596.zip
Size

12KB
Sample

221028-wak8fahcek
MD5

f204e67998957386d0a442e04a301084
SHA1

c7989fdf0737c66c88dfb117d1b61a481347c673
SHA256

eb09c48f045d418e00024488257c191305796969d0a2bcd99f84ce5d5e79cc7e
SHA512

40a346db624282ff1cb24704d3734211cd0802981e5c31235ea94cd8b8ea11030bf0d4bc102f9a3977001d2eb3ff0494912fc249270ba85843f6cd2e649ef882
SSDEEP

384:y8XOSPw1G8uLy9t15mV/udFWQZg/HktX8Nzk59eGZD/UBLeF:A26uLy9tjXWQZgCX8NzY9pUs

Score

10^/10

bitrat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

1f3b0c2_comppdf.exe

Resource

win7-20220812-en

bitrat trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f3b0c2_comppdf.exe

Resource

win10v2004-20220812-en

bitrat trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

192.3.76.153:5200

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  1f3b0c2_comppdf.exe
- Size
  
  82KB
- MD5
  
  c170b74c3ca105d636876a6f81d17d02
- SHA1
  
  aae66cfd3e1b3132e2188e1d229896d1d42493c1
- SHA256
  
  74cab4c8f16ad111496aab0e1fb101e25fb7c26cebb79cf6a870c12d318efdda
- SHA512
  
  d3b18d6bfc78cb6bf1e61dc81a67f721ad5f806d5c6ffa0de1982ec2602259a4f015046c1ce878d80b586733a54fa844879faba098cb71555ae2f2687587b7e2
- SSDEEP
  
  768:t20v/xNDKwkuedmdVKCPhpoj+f5RdNKW:d/xNDKwkvdmdVKCP7owdNr
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy