bitrat | 03fecf2c72e71174940f6b7b31887155ce0f92e3af5f95ed323af83b1ca9814f | Triage

Submit
Reports

Overview

overview

Static

static

8645_30_321_PDF.exe

windows7-x64

8645_30_321_PDF.exe

windows10-1703-x64

8645_30_321_PDF.exe

windows10-2004-x64

Sharing

General

Target

8645_30_321_PDF.exe
Size

300.0MB
Sample

221103-vshdtsfbbp
MD5

b77a44c24d6afbeec6bf3fc7a89eef38
SHA1

9c956f05e4d77353c9da0fa34ce83b9603458b68
SHA256

03fecf2c72e71174940f6b7b31887155ce0f92e3af5f95ed323af83b1ca9814f
SHA512

b9d70c2dd353f6ffcb5e1442d4c93c4afb0c3d762c718b97d87a4b2726e93992f7ad3c046d778b3823bfd289ad1d26e56228838fd8f86425298e96acdfc079c9
SSDEEP

49152:65yqSeXRXNTeuzSMGSQvGMQGWcR4XkKodV9SMAOeZWjUvJ2GR6bcRhOPD5U6:65yqlXRXteg54GEdCPLOt4B2K6br5

Score

10^/10

bitrat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

8645_30_321_PDF.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral2

Sample

8645_30_321_PDF.exe

Resource

win10-20220812-en

bitrat trojan upx

windows10-1703-x64

11 signatures

1800 seconds

Behavioral task

behavioral3

Sample

8645_30_321_PDF.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

1800 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bit9090.duckdns.org:9090

bitone9090.duckdns.org:9090

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  8645_30_321_PDF.exe
- Size
  
  300.0MB
- MD5
  
  b77a44c24d6afbeec6bf3fc7a89eef38
- SHA1
  
  9c956f05e4d77353c9da0fa34ce83b9603458b68
- SHA256
  
  03fecf2c72e71174940f6b7b31887155ce0f92e3af5f95ed323af83b1ca9814f
- SHA512
  
  b9d70c2dd353f6ffcb5e1442d4c93c4afb0c3d762c718b97d87a4b2726e93992f7ad3c046d778b3823bfd289ad1d26e56228838fd8f86425298e96acdfc079c9
- SSDEEP
  
  49152:65yqSeXRXNTeuzSMGSQvGMQGWcR4XkKodV9SMAOeZWjUvJ2GR6bcRhOPD5U6:65yqlXRXteg54GEdCPLOt4B2K6br5
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

bitrattrojanupx

behavioral3

© 2018-2024

Terms | Privacy