bitrat | 0dde30f13f606dc2d64539fd7ab3fb4fa6695464f69b3d33243536457f40b77a | Triage

Submit
Reports

Overview

overview

Static

static

CJYUAEBL.exe

windows10-2004-x64

Resubmissions

05-12-2022 20:48

221205-zlvssshg5t 10

05-12-2022 20:07

221205-ywb8rseh41 10

Sharing

General

Target

DHL_1000000000.ISO
Size

1.6MB
Sample

221205-zlvssshg5t
MD5

9cfe4b1c716d5c495a905581d6f24c3e
SHA1

2bc6c72a41f2d302cadc58fc76737e3e93021353
SHA256

0dde30f13f606dc2d64539fd7ab3fb4fa6695464f69b3d33243536457f40b77a
SHA512

59d01e7b6aa182b8bcabce912d2d9ed34a859d863209e769929292fe7a808c508fe64526dee1bcebfb0d493e54ff8602cbf9ecc8d1ddd9a03f2baee21e4a8000
SSDEEP

24576:7wfXt2qCbasU3cyK9pNhMhtrjxLF7ZQ/ronBb5:7EcO+9bh+1lLFaMnBb

Score

10^/10

bitrat modiloader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

CJYUAEBL.exe

Resource

win10v2004-20220901-en

bitrat modiloader persistence trojan upx

windows10-2004-x64

23 signatures

1800 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

winery.nsupdate.info:5877

Attributes

communication_password
e5ff7c52fb3501484ea7ca8641803415
tor_process
tor

Targets

- Target
  
  CJYUAEBL.EXE
- Size
  
  1010KB
- MD5
  
  7cb5f631784c4e56f1bbbd2db5e08cf4
- SHA1
  
  467bcd4c278b2fae07b3dfb68b29814f0c1ec606
- SHA256
  
  ffa9f3d0e3d4d29b10cba30fe3394d538b8c415e9c29cf36a56990e9204ec7bf
- SHA512
  
  07ec1ed2124d24c02438fec3cd9ca65897f320fcb324192f5717ff0759c3a6a24e04e88dff84fd4ba37e0370c24d092231c93147fe90e93ce981cda6335d33f2
- SSDEEP
  
  24576:owfXt2qCbasU3cyK9pNhMhtrjxLF7ZQ/ronBb5:oEcO+9bh+1lLFaMnBb
Score

10^/10

bitrat modiloader persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratmodiloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy