bitrat | 601791d7f0ada13fddc770075ac3c84e1d4bf1fb465fcc0ce4e61188bad71df8 | Triage

Submit
Reports

Overview

overview

Static

static

fb014da9ca...95.exe

windows7-x64

fb014da9ca...95.exe

windows10-2004-x64

Sharing

General

Target

a55abea61f25414c01c29d001935c33d.bin
Size

1.4MB
Sample

230306-b1yw1ahf61
MD5

332b409f9ee565e6c0146c205229b2d5
SHA1

38bdbaab72df40492e070a63974f8dbdbc5e3e1a
SHA256

601791d7f0ada13fddc770075ac3c84e1d4bf1fb465fcc0ce4e61188bad71df8
SHA512

bf3c4ca53b7b8074c1d8cdbd07e4b4268199786f2c8c44adb3baf529221dc501bfcf1e4592c9f12663890e101d38df49e8618e9687303b7fbdac887670f28370
SSDEEP

24576:UVjJhE5EhgGmJ2v8GtFCdfApJXkOztFXAbflDapGJAAzWNPfLMxD4H:UtTE2RmGv7XnnGagpePImH

Score

10^/10

bitrat neshta persistence spyware stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fb014da9ca6b3a47dc1b6a41baa61a9625e78c19d608eefdb495cc0fa9653295.exe

Resource

win7-20230220-en

bitrat neshta persistence spyware stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb014da9ca6b3a47dc1b6a41baa61a9625e78c19d608eefdb495cc0fa9653295.exe

Resource

win10v2004-20230220-en

bitrat neshta persistence spyware stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

185.81.157.28:2030

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor

Targets

- Target
  
  fb014da9ca6b3a47dc1b6a41baa61a9625e78c19d608eefdb495cc0fa9653295.exe
- Size
  
  1.5MB
- MD5
  
  a55abea61f25414c01c29d001935c33d
- SHA1
  
  89dfb5a898440ac55e40d73ee1b60a9c5aaa4700
- SHA256
  
  fb014da9ca6b3a47dc1b6a41baa61a9625e78c19d608eefdb495cc0fa9653295
- SHA512
  
  5c449a3d024bffea9f5881e4add826b1e8d92023b3ce473c17484a5a7292c4542e9133d0be06aff60f8717a7d120b568ec04a1c2ef671df2819853097bc3749b
- SSDEEP
  
  24576:udRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkznHv/A0jT1v9:uXDFBU2iIBb0xY/6sUYYCHnAm
Score

10^/10

bitrat neshta persistence spyware stealer trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratneshtapersistencespywarestealertrojanupx

behavioral2

bitratneshtapersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy