bitrat | 7b384d4cad84fa53ded2466e2600f2658b85f66d7155cf4895d1f81810c82ca5 | Triage

Submit
Reports

Overview

overview

Static

static

67_03_635_PDF.exe

windows10-1703-x64

67_03_635_PDF.exe

windows7-x64

1

67_03_635_PDF.exe

windows10-2004-x64

Resubmissions

07-12-2022 19:02

221207-xps29sff88 10

07-12-2022 18:58

221207-xmhthsag6v 1

Sharing

General

Target

67_03_635_PDF.exe
Size

3.0MB
Sample

221207-xps29sff88
MD5

147c968922ab4d76d5b63ea9514bff69
SHA1

4ea9cf1c7703e3f0ed5a7be291dc27b44230d771
SHA256

7b384d4cad84fa53ded2466e2600f2658b85f66d7155cf4895d1f81810c82ca5
SHA512

2f7146db39f13edd8ff10aebaa554366fcf33754521b25d29e354bfb4e29f9f2b22438a847f3c52b736791237191214e718bd8b361dcd6b2b8ccecdcebdd2391
SSDEEP

98304:y81XfekfvDqec/kf3MuR38VDRkB00XWz+pGi:y8ZWQOLsf52V1k+0I

Score

10^/10

bitrat persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

67_03_635_PDF.exe

Resource

win10-20220812-en

bitrat persistence trojan upx

windows10-1703-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

67_03_635_PDF.exe

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

67_03_635_PDF.exe

Resource

win10v2004-20220812-en

bitrat persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

bitrat7090.duckdns.org:7090

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
tor

Targets

- Target
  
  67_03_635_PDF.exe
- Size
  
  3.0MB
- MD5
  
  147c968922ab4d76d5b63ea9514bff69
- SHA1
  
  4ea9cf1c7703e3f0ed5a7be291dc27b44230d771
- SHA256
  
  7b384d4cad84fa53ded2466e2600f2658b85f66d7155cf4895d1f81810c82ca5
- SHA512
  
  2f7146db39f13edd8ff10aebaa554366fcf33754521b25d29e354bfb4e29f9f2b22438a847f3c52b736791237191214e718bd8b361dcd6b2b8ccecdcebdd2391
- SSDEEP
  
  98304:y81XfekfvDqec/kf3MuR38VDRkB00XWz+pGi:y8ZWQOLsf52V1k+0I
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

behavioral3

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy