bitrat | db5d4a5090c7303616f88db08a22abc975804ae1abdef9740c208c004648255b | Triage

Submit
Reports

Overview

overview

Static

static

3

024cde85d1...ad.exe

windows7-x64

7

024cde85d1...ad.exe

windows10-2004-x64

Sharing

General

Target

024cde85d1a11c1b2e6749ec80b50fad
Size

2.8MB
Sample

231229-ylbjgsfahl
MD5

024cde85d1a11c1b2e6749ec80b50fad
SHA1

5f7226f27b0106f6050ce61d78e9c0fc8cfb8373
SHA256

db5d4a5090c7303616f88db08a22abc975804ae1abdef9740c208c004648255b
SHA512

5016d4eb26602300e49365186ce768026ac73927f41773883a6fc43376b622bc76a2d72d675cfa29224540cf82f8291a9ed03b0d5b762678d30b29f963ee7ccc
SSDEEP

49152:KynUHNR9PKXUm1WHyilGSvn/5Kaq1rO5n8UXRaa/B03ak8JqFJ7BHKQk6j:KyUHNjSXUmIHy8Zv/Uaq1yJqak8JqbFR

Score

10^/10

bitrat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

024cde85d1a11c1b2e6749ec80b50fad.exe

Resource

win7-20231215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

024cde85d1a11c1b2e6749ec80b50fad.exe

Resource

win10v2004-20231215-en

bitrat trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  024cde85d1a11c1b2e6749ec80b50fad
- Size
  
  2.8MB
- MD5
  
  024cde85d1a11c1b2e6749ec80b50fad
- SHA1
  
  5f7226f27b0106f6050ce61d78e9c0fc8cfb8373
- SHA256
  
  db5d4a5090c7303616f88db08a22abc975804ae1abdef9740c208c004648255b
- SHA512
  
  5016d4eb26602300e49365186ce768026ac73927f41773883a6fc43376b622bc76a2d72d675cfa29224540cf82f8291a9ed03b0d5b762678d30b29f963ee7ccc
- SSDEEP
  
  49152:KynUHNR9PKXUm1WHyilGSvn/5Kaq1rO5n8UXRaa/B03ak8JqFJ7BHKQk6j:KyUHNjSXUmIHy8Zv/Uaq1yJqak8JqbFR
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- BitRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy