bitrat | 9974a9bc942c2a4dc356b1d2da911b1381485caa4ab630f201046d16d6cac528 | Triage

Submit
Reports

Overview

overview

Static

static

fb014da9ca...95.exe

windows7-x64

fb014da9ca...95.exe

windows10-2004-x64

Sharing

General

Target

fb014da9ca6b3a47dc1b6a41baa61a9625e78c19d608eefdb495cc0fa9653295.zip
Size

1.4MB
Sample

230321-rwhl8ada9x
MD5

6ef3bb3ec89106d3c2e05fa38443c412
SHA1

e51225eba6a7a947193e2eec8e3e7f117cde7269
SHA256

9974a9bc942c2a4dc356b1d2da911b1381485caa4ab630f201046d16d6cac528
SHA512

afd1699d6f5d7b4d06f4c07b508de21e97fde229c64b6ae178eb5038457cf6072f78801b0b51b79cd26f41a419549f194a30a5b021ec9657fedc52231cba5b23
SSDEEP

24576:qOiLYmmXp3RqBnR9ilaP8ClIGMfmYM73EQj+i7p5u1ZPh2o2p5jMEKJ6HOxnJy8M:ha18knR9iEPVlIbfmYMjEQshb2p5jMfU

Score

10^/10

bitrat neshta persistence spyware stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fb014da9ca6b3a47dc1b6a41baa61a9625e78c19d608eefdb495cc0fa9653295.exe

Resource

win7-20230220-en

bitrat neshta persistence spyware stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb014da9ca6b3a47dc1b6a41baa61a9625e78c19d608eefdb495cc0fa9653295.exe

Resource

win10v2004-20230220-en

bitrat neshta persistence spyware stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

185.81.157.28:2030

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
tor

Targets

- Target
  
  fb014da9ca6b3a47dc1b6a41baa61a9625e78c19d608eefdb495cc0fa9653295.exe
- Size
  
  1.5MB
- MD5
  
  a55abea61f25414c01c29d001935c33d
- SHA1
  
  89dfb5a898440ac55e40d73ee1b60a9c5aaa4700
- SHA256
  
  fb014da9ca6b3a47dc1b6a41baa61a9625e78c19d608eefdb495cc0fa9653295
- SHA512
  
  5c449a3d024bffea9f5881e4add826b1e8d92023b3ce473c17484a5a7292c4542e9133d0be06aff60f8717a7d120b568ec04a1c2ef671df2819853097bc3749b
- SSDEEP
  
  24576:udRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkznHv/A0jT1v9:uXDFBU2iIBb0xY/6sUYYCHnAm
Score

10^/10

bitrat neshta persistence spyware stealer trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratneshtapersistencespywarestealertrojanupx

behavioral2

bitratneshtapersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy