bitrat | ccac95c8b3ec87ba50e8eaed511e9f1691c8efdded4368d63ab0740283905791 | Triage

Submit
Reports

Overview

overview

Static

static

immi.exe

windows7-x64

immi.exe

windows10-2004-x64

Sharing

General

Target

immi.bin
Size

7.8MB
Sample

230710-qd6qnabe5z
MD5

49c5906689498f487597cc1cb84e3a35
SHA1

338c319eeb28554df9aad957dd7f2676afb7e04e
SHA256

ccac95c8b3ec87ba50e8eaed511e9f1691c8efdded4368d63ab0740283905791
SHA512

f97f72ea65123b64f049404f26094249b8fffcf118d803aaddef0393cde67f15a603eb4a468cfc6f48b5eac345d48da1c7a5cde086ec7993adafd44474747c03
SSDEEP

196608:oIRcbH4jSteTGvIxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfuIxwZ6v1CPwDv3uFteg2EeJUO9E

Score

10^/10

bitrat persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

immi.exe

Resource

win7-20230703-en

bitrat persistence trojan upx

windows7-x64

12 signatures

30 seconds

Behavioral task

behavioral2

Sample

immi.exe

Resource

win10v2004-20230703-en

bitrat persistence trojan upx

windows10-2004-x64

14 signatures

30 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

xdjnibkfm366vswudhfwb5gaihqxkxvov7q6gv3fqcm3bw46b5rydsqd.onion:0

Attributes

communication_password
71d39b7aa9389d5c64a2440993bcfa3b
install_dir
Install path
install_file
Install name
tor_process
tor

Targets

- Target
  
  immi.bin
- Size
  
  7.8MB
- MD5
  
  49c5906689498f487597cc1cb84e3a35
- SHA1
  
  338c319eeb28554df9aad957dd7f2676afb7e04e
- SHA256
  
  ccac95c8b3ec87ba50e8eaed511e9f1691c8efdded4368d63ab0740283905791
- SHA512
  
  f97f72ea65123b64f049404f26094249b8fffcf118d803aaddef0393cde67f15a603eb4a468cfc6f48b5eac345d48da1c7a5cde086ec7993adafd44474747c03
- SSDEEP
  
  196608:oIRcbH4jSteTGvIxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfuIxwZ6v1CPwDv3uFteg2EeJUO9E
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy