bitrat | fb014da9ca6b3a47dc1b6a41baa61a9625e78c19d608eefdb495cc0fa9653295 | Triage

Submit
Reports

Overview

overview

Static

static

a55abea61f...3d.exe

windows7-x64

a55abea61f...3d.exe

windows10-2004-x64

Sharing

General

Target

a55abea61f25414c01c29d001935c33d.exe
Size

1.5MB
Sample

230304-zq1vlseb91
MD5

a55abea61f25414c01c29d001935c33d
SHA1

89dfb5a898440ac55e40d73ee1b60a9c5aaa4700
SHA256

fb014da9ca6b3a47dc1b6a41baa61a9625e78c19d608eefdb495cc0fa9653295
SHA512

5c449a3d024bffea9f5881e4add826b1e8d92023b3ce473c17484a5a7292c4542e9133d0be06aff60f8717a7d120b568ec04a1c2ef671df2819853097bc3749b
SSDEEP

24576:udRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkznHv/A0jT1v9:uXDFBU2iIBb0xY/6sUYYCHnAm

Score

10^/10

bitrat neshta persistence spyware stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a55abea61f25414c01c29d001935c33d.exe

Resource

win7-20230220-en

bitrat neshta persistence spyware stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

a55abea61f25414c01c29d001935c33d.exe

Resource

win10v2004-20230220-en

bitrat neshta persistence spyware stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

185.81.157.28:2030

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor

Targets

- Target
  
  a55abea61f25414c01c29d001935c33d.exe
- Size
  
  1.5MB
- MD5
  
  a55abea61f25414c01c29d001935c33d
- SHA1
  
  89dfb5a898440ac55e40d73ee1b60a9c5aaa4700
- SHA256
  
  fb014da9ca6b3a47dc1b6a41baa61a9625e78c19d608eefdb495cc0fa9653295
- SHA512
  
  5c449a3d024bffea9f5881e4add826b1e8d92023b3ce473c17484a5a7292c4542e9133d0be06aff60f8717a7d120b568ec04a1c2ef671df2819853097bc3749b
- SSDEEP
  
  24576:udRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkznHv/A0jT1v9:uXDFBU2iIBb0xY/6sUYYCHnAm
Score

10^/10

bitrat neshta persistence spyware stealer trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratneshtapersistencespywarestealertrojanupx

behavioral2

bitratneshtapersistencespywarestealertrojanupx

© 2018-2025

Terms | Privacy