Overview

overview

10

Static

static

3

jbit.exe

windows7-x64

3

jbit.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-08-2023 23:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jbit.exe

  • Size

    81.1MB

  • MD5

    8eda3b52a16bb07d5a03441c10296502

  • SHA1

    35ac1bafbedf456bf4cca1606673501a5200e623

  • SHA256

    23abe80bf01902aca2c57c6494ef60780187a870d01d964790306a10b3fa23ad

  • SHA512

    9f9e09c7b1645785d560f6cdd408714a544ef058197731626cf66d8708b43ef35b7116c7b5a15986fb7b11ff3513387db97e06dae42650ab0310ece0c943cac8

  • SSDEEP

    1572864:bUSBvWtkRbCHf7RKxFOBS/DllaKg1h6xyPbm2oXMyOwGR2sedKdiizqZ4ujuw5b9:bRBvw4wDqFWS/DDumMP63XVXY2sedKdM

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

backu4734.duckdns.org:7904

Attributes
  • communication_password

    202cb962ac59075b964b07152d234b70

  • tor_process

    tor

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • Drops startup file 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\jbit.exe
    "C:\Users\Admin\AppData\Local\Temp\jbit.exe"
    1⤵
    • Drops startup file
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3968
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3044-1226-0x0000000000400000-0x00000000007E4000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/3044-1228-0x00000000745C0000-0x00000000745F9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3044-1236-0x0000000074960000-0x0000000074999000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3044-1239-0x0000000074960000-0x0000000074999000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3044-1240-0x0000000000400000-0x00000000007E4000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/3044-1249-0x0000000074960000-0x0000000074999000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3044-1246-0x0000000074960000-0x0000000074999000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3044-1243-0x0000000074960000-0x0000000074999000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3968-163-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-171-0x0000000009F80000-0x0000000009F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3968-138-0x0000000009FF0000-0x0000000009FFA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3968-139-0x0000000074770000-0x0000000074F20000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3968-140-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-141-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-143-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-145-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-147-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-149-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-151-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-153-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-155-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-157-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-159-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-161-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-136-0x000000000A040000-0x000000000A0D2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3968-165-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-167-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-169-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-172-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-137-0x0000000009F80000-0x0000000009F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3968-174-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-176-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-178-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-180-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-182-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-184-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-186-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-188-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-190-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-192-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-194-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-196-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-198-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-135-0x000000000A5F0000-0x000000000AB94000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3968-134-0x00000000004E0000-0x00000000055F8000-memory.dmp

    Filesize

    81.1MB

    Download

  • memory/3968-133-0x0000000074770000-0x0000000074F20000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3968-200-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-202-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-204-0x000000000CAF0000-0x000000000CD08000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3968-1217-0x000000000BE30000-0x000000000BE31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3968-1224-0x0000000074770000-0x0000000074F20000-memory.dmp

    Filesize

    7.7MB

    Download