bitrat | stub[.]exe | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

stub.exe

windows7-x64

stub.exe

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

stub.exe

Resource

win7-20230220-en

bitrat persistence trojan

windows7-x64

6 signatures

600 seconds

Behavioral task

behavioral2

Sample

stub.exe

Resource

win10v2004-20230220-en

bitrat xenarmor collection password persistence recovery spyware stealer trojan upx

windows10-2004-x64

23 signatures

600 seconds

General

Target

stub.exe
Size

3.8MB
MD5

d5cad087973fab0104f92810bbf16871
SHA1

ced93e48beea62c6e444cdb8ae5ea2fbed72085d
SHA256

0a3d2686f9f3df3a943578869afa5b87e249dbcb41a1752626ba8948445fe1e9
SHA512

1497f30f44a9adfe1496ccc1dc5befe4736bf32e0862102b5a39ca6caadaa1f35023bc8d33ea88cbafd6962e07a92faa49d3a4c0e9e0e192c7f5829ca63ddd8b
SSDEEP

98304:d77Pmq33rE/JDLPWZADUGer7B6iY74M/JmlwXVZ4FB:5+R/eZADUXR

Score

10^/10

bitrat

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

soon-lp.at.ply.gg:17209

Attributes

communication_password
33d47f3d76b1b6a91406c01ef0ce5164
install_dir
BIRAT
install_file
svchost
tor_process
Tls_Connect

Signatures

Bitrat family
bitrat

Files

stub.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 687KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.