Overview

overview

10

Static

static

3

jbit.exe

windows7-x64

3

jbit.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    jbit.exe

  • Size

    81.1MB

  • Sample

    230805-3tmc6sgf41

  • MD5

    8eda3b52a16bb07d5a03441c10296502

  • SHA1

    35ac1bafbedf456bf4cca1606673501a5200e623

  • SHA256

    23abe80bf01902aca2c57c6494ef60780187a870d01d964790306a10b3fa23ad

  • SHA512

    9f9e09c7b1645785d560f6cdd408714a544ef058197731626cf66d8708b43ef35b7116c7b5a15986fb7b11ff3513387db97e06dae42650ab0310ece0c943cac8

  • SSDEEP

    1572864:bUSBvWtkRbCHf7RKxFOBS/DllaKg1h6xyPbm2oXMyOwGR2sedKdiizqZ4ujuw5b9:bRBvw4wDqFWS/DDumMP63XVXY2sedKdM

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

backu4734.duckdns.org:7904

Attributes
  • communication_password

    202cb962ac59075b964b07152d234b70

  • tor_process

    tor

Targets

    • Target

      jbit.exe

    • Size

      81.1MB

    • MD5

      8eda3b52a16bb07d5a03441c10296502

    • SHA1

      35ac1bafbedf456bf4cca1606673501a5200e623

    • SHA256

      23abe80bf01902aca2c57c6494ef60780187a870d01d964790306a10b3fa23ad

    • SHA512

      9f9e09c7b1645785d560f6cdd408714a544ef058197731626cf66d8708b43ef35b7116c7b5a15986fb7b11ff3513387db97e06dae42650ab0310ece0c943cac8

    • SSDEEP

      1572864:bUSBvWtkRbCHf7RKxFOBS/DllaKg1h6xyPbm2oXMyOwGR2sedKdiizqZ4ujuw5b9:bRBvw4wDqFWS/DDumMP63XVXY2sedKdM

    Score
    10/10
    bitrattrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • Drops startup file

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks