bitrat | 07a3e0b0b46beba9fcf603b62237748395cb801229e19500ff0e5cb38c12c067 | Triage

Submit
Reports

Overview

overview

Static

static

FedEx00B19...ed.exe

windows7-x64

FedEx00B19...ed.exe

windows10-2004-x64

Sharing

General

Target

FedEx00B1915_parsed.exe
Size

1.7MB
Sample

221123-zjd29sch89
MD5

e6641a7a0c61243081e9342c2e5076c6
SHA1

035914a1d0244039d43c48cadcab0439ed6855d0
SHA256

07a3e0b0b46beba9fcf603b62237748395cb801229e19500ff0e5cb38c12c067
SHA512

fe6049ed585272f8dac944bfdb402241c0f0e844c2e210c2f61a1d96fbeb451e5bddc3e69b22febd2c1dffc5357b951d28710fcde61bab31e11b6f5ff8b0ceda
SSDEEP

49152:rl3Nx5txMWMlY23V6MKAL1BVHiBIHKG5HqMG:xH50WOY2lxKALpHhKo3G

Score

10^/10

bitrat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

FedEx00B1915_parsed.exe

Resource

win7-20220812-en

bitrat trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

FedEx00B1915_parsed.exe

Resource

win10v2004-20220812-en

bitrat trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

akatabit1915.duckdns.org:1915

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  FedEx00B1915_parsed.exe
- Size
  
  1.7MB
- MD5
  
  e6641a7a0c61243081e9342c2e5076c6
- SHA1
  
  035914a1d0244039d43c48cadcab0439ed6855d0
- SHA256
  
  07a3e0b0b46beba9fcf603b62237748395cb801229e19500ff0e5cb38c12c067
- SHA512
  
  fe6049ed585272f8dac944bfdb402241c0f0e844c2e210c2f61a1d96fbeb451e5bddc3e69b22febd2c1dffc5357b951d28710fcde61bab31e11b6f5ff8b0ceda
- SSDEEP
  
  49152:rl3Nx5txMWMlY23V6MKAL1BVHiBIHKG5HqMG:xH50WOY2lxKALpHhKo3G
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy