bitrat

Resubmissions

22-11-2022 00:51

221122-a7gqmagg5y 8

21-11-2022 23:09

21-11-2022 21:54

21-11-2022 21:30

21-11-2022 20:42

21-11-2022 19:29

Sharing

Copy URL

Twitter E-mail

General

Target

http://45.95.169.45:23205/
Sample

221121-1crkfsge79

Score

10^/10

Malware Config

Extracted

Family

bitrat

Version

1.38

45.95.168.128:23202

Attributes

communication_password
ed99c23d77796aac877ce1f91481dc28
install_dir
Oracle
install_file
java.exe
tor_process
tor

Targets

- Target
  
  http://45.95.169.45:23205/
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

urlscan1

behavioral1