bitrat | 65042380ce216a24adb86812ca4e49957cd683b76ab07590ad335edbf5e21589 | Triage

Submit
Reports

Overview

overview

Static

static

0x00080000...95.exe

windows7-x64

0x00080000...95.exe

windows10-2004-x64

Sharing

General

Target

0x00080000000122dd-95.dat
Size

7.8MB
Sample

230321-dkpz9sae9x
MD5

e3286231ff166eaad0d44d4159ab069e
SHA1

454e3d63906361fe4189d9075cbcbde48bf03928
SHA256

65042380ce216a24adb86812ca4e49957cd683b76ab07590ad335edbf5e21589
SHA512

148a20df92c7bfefc7fe8979599213e03416b66530a3ba65e8205760bb3e2746cbb987894ec6f9cd6fb711437bfb821734ce1bed84d6230b29cdc55b078cf56b
SSDEEP

196608:oIRcbH4jSteTGv+xwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfu+xwZ6v1CPwDv3uFteg2EeJUO9E

Score

10^/10

bitrat persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0x00080000000122dd-95.exe

Resource

win7-20230220-en

bitrat persistence trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x00080000000122dd-95.exe

Resource

win10v2004-20230220-en

bitrat persistence trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

4napo6g3cp6av4hmxmwzi5lyojpfk3i2kl2tpssb2wvidqsa3kzo6eyd.onion:80

Attributes

communication_password
a47f89e7b85c1832b4df1ba9bfc8404f
install_dir
Chrome
install_file
Chrome.exe
tor_process
tor

Targets

- Target
  
  0x00080000000122dd-95.dat
- Size
  
  7.8MB
- MD5
  
  e3286231ff166eaad0d44d4159ab069e
- SHA1
  
  454e3d63906361fe4189d9075cbcbde48bf03928
- SHA256
  
  65042380ce216a24adb86812ca4e49957cd683b76ab07590ad335edbf5e21589
- SHA512
  
  148a20df92c7bfefc7fe8979599213e03416b66530a3ba65e8205760bb3e2746cbb987894ec6f9cd6fb711437bfb821734ce1bed84d6230b29cdc55b078cf56b
- SSDEEP
  
  196608:oIRcbH4jSteTGv+xwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfu+xwZ6v1CPwDv3uFteg2EeJUO9E
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy