bitrat | c719392010e985181bc9dd1dd5e6ae8a3e3717ef8f4a541554df57f725008d2f | Triage

Submit
Reports

Overview

overview

Static

static

DDoS Panel V3.exe

windows7-x64

DDoS Panel V3.exe

windows10-1703-x64

DDoS Panel V3.exe

windows10-2004-x64

Sharing

General

Target

DDoS Panel V3.exe
Size

8.2MB
Sample

230304-zs2vpaec3v
MD5

17f1879dec133b8328417891d6ca2c23
SHA1

caa3b816c9f0c4d7445787599c8475ac7b71339c
SHA256

c719392010e985181bc9dd1dd5e6ae8a3e3717ef8f4a541554df57f725008d2f
SHA512

fa103d3931bfb7b7acf8dc2ed3859768de32b4b53a1be188036011aeac615e80737d3eb0bb76a4bc2c34cf221da0cc0fdad6c38d876b12341c6253e376da7e47
SSDEEP

196608:NIRcbH4jSteTGv6xwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOfI:NdHsfu6xwZ6v1CPwDv3uFteg2EeJUO9k

Score

10^/10

bitrat persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DDoS Panel V3.exe

Resource

win7-20230220-en

bitrat persistence trojan upx

windows7-x64

16 signatures

300 seconds

Behavioral task

behavioral2

Sample

DDoS Panel V3.exe

Resource

win10-20230220-en

bitrat persistence trojan upx

windows10-1703-x64

14 signatures

300 seconds

Behavioral task

behavioral3

Sample

DDoS Panel V3.exe

Resource

win10v2004-20230220-en

bitrat persistence trojan upx

windows10-2004-x64

15 signatures

300 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

sef7qgz77oamhl5gimls62lekmig5ormf6dcgftblhaxt2cn7emkbuid.onion:80

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
install_dir
appdata
install_file
HealthCheck
tor_process
WebSvc

Targets

- Target
  
  DDoS Panel V3.exe
- Size
  
  8.2MB
- MD5
  
  17f1879dec133b8328417891d6ca2c23
- SHA1
  
  caa3b816c9f0c4d7445787599c8475ac7b71339c
- SHA256
  
  c719392010e985181bc9dd1dd5e6ae8a3e3717ef8f4a541554df57f725008d2f
- SHA512
  
  fa103d3931bfb7b7acf8dc2ed3859768de32b4b53a1be188036011aeac615e80737d3eb0bb76a4bc2c34cf221da0cc0fdad6c38d876b12341c6253e376da7e47
- SSDEEP
  
  196608:NIRcbH4jSteTGv6xwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOfI:NdHsfu6xwZ6v1CPwDv3uFteg2EeJUO9k
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

behavioral3

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy