General

  • Target

    0e5fadebbb63160d78fab09972b795f7.exe

  • Size

    2.1MB

  • Sample

    230211-lkxzwadc5v

  • MD5

    0e5fadebbb63160d78fab09972b795f7

  • SHA1

    64259d7e08928f9b2f5a8639ba970d8f36b904d6

  • SHA256

    fc729002ac4f2ca65757920fe60351d318b329d854cbf709addf0761d0c68664

  • SHA512

    949ab8bdb2e60941231faa2e744a78c8f7153536013296c459d025ce67ecd7bcf38c8f024fe4d7d79c0cc973781a4725ff07a2d1a32bb9286c0f41fcac6ebe96

  • SSDEEP

    49152:LTQrHkWhCQyTmeBm/o56gJetPDI+55De8dKbfstgi/:WCrTPm/osgJi8+fzkfs//

Score
10/10

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

101.99.94.203:1234

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    tor

Targets

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2
