bitrat | 311dc36ff1b1c092fe3c27ea3d7c699b77d092da4d5f1ccb5fc8e35b9a4adf5c | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

311dc36ff1b1c092fe3c27ea3d7c699b77d092da4d5f1ccb5fc8e35b9a4adf5c
Size

65KB
Sample

221201-sknjrsed91
MD5

7e319c1315d5b97983fb7cb4d93ddf0c
SHA1

fde2d21cb08b8d95ea2e4419e51aa43f8da348ac
SHA256

311dc36ff1b1c092fe3c27ea3d7c699b77d092da4d5f1ccb5fc8e35b9a4adf5c
SHA512

02f59f8d2dd41e1e287c46a8bd3119c98d2f2500a95a7d980791f7f6f326cad43111385b30d3c8e6de912905a81527632dd9a7089f1aa6f1716eabe4608bcfad
SSDEEP

1536:WIHebrEKfgYBUngABZvxZ/DOG8s8MkeNSzXzK1:Gb4KRapBZP/Dl8DMDSzX+1

Score

10^/10

bitrat xenarmor collection password persistence recovery spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

311dc36ff1b1c092fe3c27ea3d7c699b77d092da4d5f1ccb5fc8e35b9a4adf5c.exe

Resource

win10v2004-20220901-en

bitrat xenarmor collection password persistence recovery spyware stealer trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

37.139.128.233:3569

Attributes

communication_password
ce952068942604a6d6df06ed5002fad6
tor_process
tor

Targets

- Target
  
  311dc36ff1b1c092fe3c27ea3d7c699b77d092da4d5f1ccb5fc8e35b9a4adf5c
- Size
  
  65KB
- MD5
  
  7e319c1315d5b97983fb7cb4d93ddf0c
- SHA1
  
  fde2d21cb08b8d95ea2e4419e51aa43f8da348ac
- SHA256
  
  311dc36ff1b1c092fe3c27ea3d7c699b77d092da4d5f1ccb5fc8e35b9a4adf5c
- SHA512
  
  02f59f8d2dd41e1e287c46a8bd3119c98d2f2500a95a7d980791f7f6f326cad43111385b30d3c8e6de912905a81527632dd9a7089f1aa6f1716eabe4608bcfad
- SSDEEP
  
  1536:WIHebrEKfgYBUngABZvxZ/DOG8s8MkeNSzXzK1:Gb4KRapBZP/Dl8DMDSzX+1
Score

10^/10

bitrat xenarmor collection password persistence recovery spyware stealer trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- XenArmor Suite
  XenArmor is as suite of password recovery tools for various application.
  recovery password xenarmor
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratxenarmorcollectionpasswordpersistencerecoveryspywarestealertrojanupx

© 2018-2024

Terms | Privacy