bitrat | stub[.]exe | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

stub.exe

windows7-x64

stub.exe

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

stub.exe

Resource

win7-20230220-en

bitrat persistence trojan

windows7-x64

6 signatures

600 seconds

Behavioral task

behavioral2

Sample

stub.exe

Resource

win10v2004-20230220-en

bitrat xenarmor collection password persistence recovery spyware stealer trojan upx

windows10-2004-x64

23 signatures

600 seconds

General

Target

stub.exe
Size

3.8MB
MD5

d5cad087973fab0104f92810bbf16871
SHA1

ced93e48beea62c6e444cdb8ae5ea2fbed72085d
SHA256

0a3d2686f9f3df3a943578869afa5b87e249dbcb41a1752626ba8948445fe1e9
SHA512

1497f30f44a9adfe1496ccc1dc5befe4736bf32e0862102b5a39ca6caadaa1f35023bc8d33ea88cbafd6962e07a92faa49d3a4c0e9e0e192c7f5829ca63ddd8b
SSDEEP

98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/JmlwXVZ4FB:5+R/eZADUXR

Score

10^/10

bitrat

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

soon-lp.at.ply.gg:17209

Attributes

communication_password
33d47f3d76b1b6a91406c01ef0ce5164
install_dir
BIRAT
install_file
svchost
tor_process
Tls_Connect

Signatures

Bitrat family
bitrat

Files

stub.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 687KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy