bitrat | bdc7fa90a1a4ae03e63fe914c7222cd7019d1b3cd0676fa5ee3f6f7c04416d7b | Triage

Submit
Reports

Overview

overview

Static

static

bdc7fa90a1...7b.exe

windows7-x64

bdc7fa90a1...7b.exe

windows10-2004-x64

1

Sharing

General

Target

bdc7fa90a1a4ae03e63fe914c7222cd7019d1b3cd0676fa5ee3f6f7c04416d7b
Size

8.7MB
Sample

221130-rwc2qshc73
MD5

99da955426a8cfa74ac059a995a2a9a6
SHA1

cc6d485ed25c1e25fad316c51a5529f0e646c68e
SHA256

bdc7fa90a1a4ae03e63fe914c7222cd7019d1b3cd0676fa5ee3f6f7c04416d7b
SHA512

e0a0430f929d71396c48ce3687652ebfac26490c17c5da091562804ecc4b023639548416bafffd2f2ab2ab00c1ecebcd8b7cad8a34c113f0031dc5cd14ddc67d
SSDEEP

98304:LPzDGc/41Hm1mVCZhKNNX5jA8HynvsXmsXpwkeikcfCtX/rjCiGUJ7W7+iQI0gVO:Lao1j+/5kOyn02sXp8pcfkDjHhiz08O

Score

10^/10

bitrat agilenet persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

bdc7fa90a1a4ae03e63fe914c7222cd7019d1b3cd0676fa5ee3f6f7c04416d7b.exe

Resource

win7-20220812-en

bitrat agilenet persistence trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

bdc7fa90a1a4ae03e63fe914c7222cd7019d1b3cd0676fa5ee3f6f7c04416d7b.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.34

C2

zeunc5eb7ccgvaz5fxhqzgycrlsilnezv42wytlf6alvcfghlhhy27qd.onion:80

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
TORBUILD

Targets

- Target
  
  bdc7fa90a1a4ae03e63fe914c7222cd7019d1b3cd0676fa5ee3f6f7c04416d7b
- Size
  
  8.7MB
- MD5
  
  99da955426a8cfa74ac059a995a2a9a6
- SHA1
  
  cc6d485ed25c1e25fad316c51a5529f0e646c68e
- SHA256
  
  bdc7fa90a1a4ae03e63fe914c7222cd7019d1b3cd0676fa5ee3f6f7c04416d7b
- SHA512
  
  e0a0430f929d71396c48ce3687652ebfac26490c17c5da091562804ecc4b023639548416bafffd2f2ab2ab00c1ecebcd8b7cad8a34c113f0031dc5cd14ddc67d
- SSDEEP
  
  98304:LPzDGc/41Hm1mVCZhKNNX5jA8HynvsXmsXpwkeikcfCtX/rjCiGUJ7W7+iQI0gVO:Lao1j+/5kOyn02sXp8pcfkDjHhiz08O
Score

10^/10

bitrat agilenet persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratagilenetpersistencetrojanupx

behavioral2

© 2018-2024

Terms | Privacy