bitrat | bf12b19bb482b4d29f530a0db201cbaa4c4604743b27df4bc42ce497bb682744 | Triage

Submit
Reports

Overview

overview

Static

static

bf12b19bb4...44.exe

windows7-x64

bf12b19bb4...44.exe

windows10-2004-x64

Sharing

General

Target

bf12b19bb482b4d29f530a0db201cbaa4c4604743b27df4bc42ce497bb682744
Size

1.5MB
Sample

221125-ls12hagg98
MD5

f414cb14362149432ee7627a94ca5633
SHA1

d62c38f089255d975720090b1d59ba7c6742e0d0
SHA256

bf12b19bb482b4d29f530a0db201cbaa4c4604743b27df4bc42ce497bb682744
SHA512

b736c1870a4fddeb7713a4b6e083021bbaad7df533759d1fead14a8af4f6b17e07b7a735e918958f4e237bf38b21d09d452ccf1d13417f0aa12a0b37519f5a10
SSDEEP

49152:tbQjO87uv8dZXxrWpSzTEbwcS8lvC0MwmwCarNY05BKLwAqWJL:lQjOid0Ew8cSuviwCarNY05BKLwAqWJL

Score

10^/10

bitrat persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

bf12b19bb482b4d29f530a0db201cbaa4c4604743b27df4bc42ce497bb682744.exe

Resource

win7-20221111-en

bitrat persistence trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

bf12b19bb482b4d29f530a0db201cbaa4c4604743b27df4bc42ce497bb682744.exe

Resource

win10v2004-20221111-en

bitrat persistence trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

185.244.30.105:6660

Attributes

communication_password
0d1dbf716d5d1832c99e43071c56e305
tor_process
tor

Targets

- Target
  
  bf12b19bb482b4d29f530a0db201cbaa4c4604743b27df4bc42ce497bb682744
- Size
  
  1.5MB
- MD5
  
  f414cb14362149432ee7627a94ca5633
- SHA1
  
  d62c38f089255d975720090b1d59ba7c6742e0d0
- SHA256
  
  bf12b19bb482b4d29f530a0db201cbaa4c4604743b27df4bc42ce497bb682744
- SHA512
  
  b736c1870a4fddeb7713a4b6e083021bbaad7df533759d1fead14a8af4f6b17e07b7a735e918958f4e237bf38b21d09d452ccf1d13417f0aa12a0b37519f5a10
- SSDEEP
  
  49152:tbQjO87uv8dZXxrWpSzTEbwcS8lvC0MwmwCarNY05BKLwAqWJL:lQjOid0Ew8cSuviwCarNY05BKLwAqWJL
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Core1 .NET packer
  Detects packer/loader used by .NET malware.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy