bitrat | aba8bad15949bd79d6b47939afbe4a8febf82eab89527f42a08836da9022d7b8 | Triage

Submit
Reports

Overview

overview

Static

static

workkkkkkkk2.exe

windows7-x64

workkkkkkkk2.exe

windows10-1703-x64

workkkkkkkk2.exe

windows10-2004-x64

Resubmissions

03-03-2023 16:50

230303-vcd2gaaa5v 10

03-03-2023 16:47

230303-vag1caaa4w 10

Sharing

General

Target

workkkkkkkk2.exe
Size

7.8MB
Sample

230303-vcd2gaaa5v
MD5

b42af31cea64330d0465bed0510089c0
SHA1

3cd6c9277fe07111548e1030834c98e2412a380a
SHA256

aba8bad15949bd79d6b47939afbe4a8febf82eab89527f42a08836da9022d7b8
SHA512

138e37e9fea7a7fc50c9f1ddb61326825c5bda4418dace39024baa2062cebabe84f3df32bef41df937bb7427c948bd08830ef71d572941f5d23b4c87c9aa66f3
SSDEEP

196608:oIRcbH4jSteTGvKxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfuKxwZ6v1CPwDv3uFteg2EeJUO9E

Score

10^/10

bitrat persistence ransomware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

workkkkkkkk2.exe

Resource

win7-20230220-en

bitrat persistence trojan upx

windows7-x64

16 signatures

1800 seconds

Behavioral task

behavioral2

Sample

workkkkkkkk2.exe

Resource

win10-20230220-en

bitrat persistence ransomware trojan upx

windows10-1703-x64

16 signatures

1800 seconds

Behavioral task

behavioral3

Sample

workkkkkkkk2.exe

Resource

win10v2004-20230220-en

bitrat persistence trojan upx

windows10-2004-x64

14 signatures

1800 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

n7dua2r7ev3r6fsisszycs7fvy4a36epnfje5s7lz5eiduoxetqg55ad.onion:80

Attributes

communication_password
99754106633f94d350db34d548d6091a
install_dir
temp
install_file
test1
tor_process
test2

Targets

- Target
  
  workkkkkkkk2.exe
- Size
  
  7.8MB
- MD5
  
  b42af31cea64330d0465bed0510089c0
- SHA1
  
  3cd6c9277fe07111548e1030834c98e2412a380a
- SHA256
  
  aba8bad15949bd79d6b47939afbe4a8febf82eab89527f42a08836da9022d7b8
- SHA512
  
  138e37e9fea7a7fc50c9f1ddb61326825c5bda4418dace39024baa2062cebabe84f3df32bef41df937bb7427c948bd08830ef71d572941f5d23b4c87c9aa66f3
- SSDEEP
  
  196608:oIRcbH4jSteTGvKxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfuKxwZ6v1CPwDv3uFteg2EeJUO9E
Score

10^/10

bitrat persistence trojan upx ransomware
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistenceransomwaretrojanupx

behavioral3

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy