bitrat | d1ecf0f3592c06329182cbcd25fa654bb48c441c0b54bfb5c4b40fbaa517cdbf | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

d1ecf0f3592c06329182cbcd25fa654bb48c441c0b54bfb5c4b40fbaa517cdbf
Size

1.4MB
Sample

221105-zt3hlshfg3
MD5

32d4216d4ef2af912921fc2931c0bd88
SHA1

3e79dd260b67ed27134246e9461d8878c7ac73e3
SHA256

d1ecf0f3592c06329182cbcd25fa654bb48c441c0b54bfb5c4b40fbaa517cdbf
SHA512

7a25bcf3954238ab946ce95dc4153518fe67e773845f2bd037eac64c93906223b3ec611a04160cc20f85c4afa0b7124c8eacb43667ecb3fdde2776698f5b2b37
SSDEEP

24576:SndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkzmmKNLyEi93L2:EXDFBU2iIBb0xY/6sUYYMKns0

Score

10^/10

bitrat xenarmor collection password persistence recovery spyware stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d1ecf0f3592c06329182cbcd25fa654bb48c441c0b54bfb5c4b40fbaa517cdbf.exe

Resource

win10v2004-20220812-en

bitrat xenarmor collection password persistence recovery spyware stealer trojan upx

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

nicehash.at:6000

Attributes

communication_password
005f16f264f006578c55237781f36898
install_dir
JavaHelper
install_file
Java.exe
tor_process
tor

Targets

- Target
  
  d1ecf0f3592c06329182cbcd25fa654bb48c441c0b54bfb5c4b40fbaa517cdbf
- Size
  
  1.4MB
- MD5
  
  32d4216d4ef2af912921fc2931c0bd88
- SHA1
  
  3e79dd260b67ed27134246e9461d8878c7ac73e3
- SHA256
  
  d1ecf0f3592c06329182cbcd25fa654bb48c441c0b54bfb5c4b40fbaa517cdbf
- SHA512
  
  7a25bcf3954238ab946ce95dc4153518fe67e773845f2bd037eac64c93906223b3ec611a04160cc20f85c4afa0b7124c8eacb43667ecb3fdde2776698f5b2b37
- SSDEEP
  
  24576:SndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkzmmKNLyEi93L2:EXDFBU2iIBb0xY/6sUYYMKns0
Score

10^/10

bitrat xenarmor collection password persistence recovery spyware stealer trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- XenArmor Suite
  XenArmor is as suite of password recovery tools for various application.
  recovery password xenarmor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratxenarmorcollectionpasswordpersistencerecoveryspywarestealertrojanupx

© 2018-2024

Terms | Privacy