bitrat | 902db07687a97742aa5aee6a87347a01d451939de8f022420438c73e86f96ad1 | Triage

Submit
Reports

Overview

overview

Static

static

101.exe

windows7-x64

7

101.exe

windows10-2004-x64

7

Sharing

General

Target

101.exe
Size

7.8MB
Sample

230630-psd4hscf31
MD5

ee321094b8da5433e4006e9630c7db9e
SHA1

75934147c72f8f3ff4db06607b153689fd76f90b
SHA256

902db07687a97742aa5aee6a87347a01d451939de8f022420438c73e86f96ad1
SHA512

26a323c2de192f17c23bd96466326e78bc062b8761bc09635aa7c9c895b71e7c7e31bfb4e846c36a40953657125d52e38ec9e5254966e66a27def40f56e3d4dc
SSDEEP

196608:LIRcbH4jSteTGvgxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:LdHsfugxwZ6v1CPwDv3uFteg2EeJUO9E

Score

10^/10

bitrat upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

101.exe

Resource

win7-20230621-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

101.exe

Resource

win10v2004-20230621-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

tcki6mrrcnrt33qy52viv7m64y6hepkv646nnzglrkbgytyt6b2hdrid.onion:80

Attributes

communication_password
827ccb0eea8a706c4c34a16891f84e7b
tor_process
dllhost

Targets

- Target
  
  101.exe
- Size
  
  7.8MB
- MD5
  
  ee321094b8da5433e4006e9630c7db9e
- SHA1
  
  75934147c72f8f3ff4db06607b153689fd76f90b
- SHA256
  
  902db07687a97742aa5aee6a87347a01d451939de8f022420438c73e86f96ad1
- SHA512
  
  26a323c2de192f17c23bd96466326e78bc062b8761bc09635aa7c9c895b71e7c7e31bfb4e846c36a40953657125d52e38ec9e5254966e66a27def40f56e3d4dc
- SSDEEP
  
  196608:LIRcbH4jSteTGvgxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:LdHsfugxwZ6v1CPwDv3uFteg2EeJUO9E
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy