bitrat | b2405a2b79d7c7a39194b953b18857cae0406e917eb4c3346bb990addef76dc1 | Triage

Submit
Reports

Overview

overview

Static

static

CJYUAEBL.exe

windows7-x64

CJYUAEBL.exe

windows10-2004-x64

Sharing

General

Target

DHL_1000000.ISO
Size

1.6MB
Sample

221205-ywy3jaca92
MD5

25aa3929230889797acc56ee762ebb57
SHA1

52ab7b5987400665e3cef1044db67738ad5b0c58
SHA256

b2405a2b79d7c7a39194b953b18857cae0406e917eb4c3346bb990addef76dc1
SHA512

d3c63d062e7f6c926e8f7dc2a02504eaaacb9fa38ecf71e3a0cd34e691e1981448e10249db07cafaf97d1ffb07e799c7999d606cec13e3bd551d2610638fd356
SSDEEP

24576:hwfXt2qCbasU3cyK9pNhMhtrjxLF7ZQ/ronBb5:hEcO+9bh+1lLFaMnBb

Score

10^/10

bitrat modiloader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

CJYUAEBL.exe

Resource

win7-20221111-en

modiloader trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

CJYUAEBL.exe

Resource

win10v2004-20220812-en

bitrat modiloader persistence trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

winery.nsupdate.info:5877

Attributes

communication_password
e5ff7c52fb3501484ea7ca8641803415
tor_process
tor

Targets

- Target
  
  CJYUAEBL.EXE
- Size
  
  1010KB
- MD5
  
  2ae6e69113d98e4f3bb815c21f626496
- SHA1
  
  78920f0064d350e24812fda6c5658ac6177b5cf5
- SHA256
  
  0305b3a95aff122c888a200de747a565208ea19494c8257b0c972084141f42c4
- SHA512
  
  c7afbd664a2eebeeac3bdd01a359ea74da953552cad187682d431f0af754725a08f1135457618618a51bf1e3893a6c3a0c05e68172ee9eefcb020187ab8dfd0e
- SSDEEP
  
  24576:owfXt2qCbasU3cyK9pNhMhtrjxLF7ZQ/ronBb5:oEcO+9bh+1lLFaMnBb
Score

10^/10

modiloader trojan bitrat persistence upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

bitratmodiloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy