bitrat | 06f5ae2998205719e3541415641a8afc2f5d6877b50c860df066e0e95c7ed3f3 | Triage

Submit
Reports

Overview

overview

Static

static

time.exe

windows7-x64

7

time.exe

windows10-2004-x64

7

Sharing

General

Target

time.exe
Size

7.8MB
Sample

230826-zsw97sfa8y
MD5

03b9dd8b1e16ad5c2a605ad6b18493a7
SHA1

725f4473d8e09a8a9fcad2e8900dfb74623d4f18
SHA256

06f5ae2998205719e3541415641a8afc2f5d6877b50c860df066e0e95c7ed3f3
SHA512

8c5c077bd7575483b3601221b77e5b49b9acb7181fe73173dd5879cd19b6d517b5f2454390884ea87490da72cb2e37b5d476132f96415a68b209ce740c7b1c4f
SSDEEP

196608:LIRcbH4jSteTGvwxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:LdHsfuwxwZ6v1CPwDv3uFteg2EeJUO9E

Score

10^/10

bitrat upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

time.exe

Resource

win7-20230712-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

time.exe

Resource

win10v2004-20230703-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

tcki6mrrcnrt33qy52viv7m64y6hepkv646nnzglrkbgytyt6b2hdrid.onion:80

Attributes

communication_password
827ccb0eea8a706c4c34a16891f84e7b
tor_process
dllhost

Targets

- Target
  
  time.exe
- Size
  
  7.8MB
- MD5
  
  03b9dd8b1e16ad5c2a605ad6b18493a7
- SHA1
  
  725f4473d8e09a8a9fcad2e8900dfb74623d4f18
- SHA256
  
  06f5ae2998205719e3541415641a8afc2f5d6877b50c860df066e0e95c7ed3f3
- SHA512
  
  8c5c077bd7575483b3601221b77e5b49b9acb7181fe73173dd5879cd19b6d517b5f2454390884ea87490da72cb2e37b5d476132f96415a68b209ce740c7b1c4f
- SSDEEP
  
  196608:LIRcbH4jSteTGvwxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:LdHsfuwxwZ6v1CPwDv3uFteg2EeJUO9E
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Proxy

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy