bitrat | 897c493548dd9537dc52dccbcd65373b86ffcef1285befaa88a252b8475a32a1 | Triage

Submit
Reports

Overview

overview

Static

static

897c493548...a1.exe

windows7-x64

897c493548...a1.exe

windows10-2004-x64

Sharing

General

Target

897c493548dd9537dc52dccbcd65373b86ffcef1285befaa88a252b8475a32a1.exe
Size

12KB
Sample

221208-nt2erscg9s
MD5

a2bf963447678bc8e50ae4be3200a2d4
SHA1

f5ab9610c07d20b09b04ae45423ab7e3c1953241
SHA256

897c493548dd9537dc52dccbcd65373b86ffcef1285befaa88a252b8475a32a1
SHA512

6cccec003d0fb435b4698a83a7c0631afee395ce6b9e7730ac23d9878d2e409a89de39f0de770c7cf046960d4bd5997007391ed98090683de9ccf852618a23a6
SSDEEP

192:rWvUwdeu5ILftAEl5IObSW0VlO1TTgJMRqIcuuuH:roNILfuSIyqlqTEKR

Score

10^/10

bitrat persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

897c493548dd9537dc52dccbcd65373b86ffcef1285befaa88a252b8475a32a1.exe

Resource

win7-20220901-en

bitrat persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

897c493548dd9537dc52dccbcd65373b86ffcef1285befaa88a252b8475a32a1.exe

Resource

win10v2004-20220812-en

bitrat persistence trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

37.139.128.233:3569

Attributes

communication_password
ce952068942604a6d6df06ed5002fad6
tor_process
tor

Targets

- Target
  
  897c493548dd9537dc52dccbcd65373b86ffcef1285befaa88a252b8475a32a1.exe
- Size
  
  12KB
- MD5
  
  a2bf963447678bc8e50ae4be3200a2d4
- SHA1
  
  f5ab9610c07d20b09b04ae45423ab7e3c1953241
- SHA256
  
  897c493548dd9537dc52dccbcd65373b86ffcef1285befaa88a252b8475a32a1
- SHA512
  
  6cccec003d0fb435b4698a83a7c0631afee395ce6b9e7730ac23d9878d2e409a89de39f0de770c7cf046960d4bd5997007391ed98090683de9ccf852618a23a6
- SSDEEP
  
  192:rWvUwdeu5ILftAEl5IObSW0VlO1TTgJMRqIcuuuH:roNILfuSIyqlqTEKR
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratpersistencetrojan

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy