bitrat | c30fc9bfc313a2fd1fa09265e08e93d086cd889c1f5f7e79fa9fe1a3feaad5be | Triage

Submit
Reports

Overview

overview

Static

static

3

118dc55daf...dd.exe

windows7-x64

118dc55daf...dd.exe

windows10-2004-x64

Sharing

General

Target

118dc55dafc395d36e6432306816cedd
Size

5.5MB
Sample

231230-hp7hbshgh3
MD5

118dc55dafc395d36e6432306816cedd
SHA1

0d70395fe14f4653b4d2b1e04306996ca7668dc1
SHA256

c30fc9bfc313a2fd1fa09265e08e93d086cd889c1f5f7e79fa9fe1a3feaad5be
SHA512

56ad5aa5276a8f5ff16af42f4dd7d29a8b4570a23d6868e6e81b132d015923028fcee83accca8acb174d2db51a05554f2bad3b502ea3a32adc843f68add81f9e
SSDEEP

98304:7l2eH5MynQqSDbvnA3/i5Z16dsxKn4L2kb0TNszipheT9kVO4v80abDOhgx:7l2GzS3vnm/i5P6drn4rbZGphy9kVz+r

Score

10^/10

bitrat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

118dc55dafc395d36e6432306816cedd.exe

Resource

win7-20231215-en

bitrat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

118dc55dafc395d36e6432306816cedd.exe

Resource

win10v2004-20231215-en

bitrat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

nwgj3ux4huyfgbrwj5i2uwbxdu2ddd33eqrpq44dwooaoqo4ntmpc6qd.onion:80

Attributes

communication_password
81dc9bdb52d04dc20036dbd8313ed055
tor_process
winasxp

Targets

- Target
  
  118dc55dafc395d36e6432306816cedd
- Size
  
  5.5MB
- MD5
  
  118dc55dafc395d36e6432306816cedd
- SHA1
  
  0d70395fe14f4653b4d2b1e04306996ca7668dc1
- SHA256
  
  c30fc9bfc313a2fd1fa09265e08e93d086cd889c1f5f7e79fa9fe1a3feaad5be
- SHA512
  
  56ad5aa5276a8f5ff16af42f4dd7d29a8b4570a23d6868e6e81b132d015923028fcee83accca8acb174d2db51a05554f2bad3b502ea3a32adc843f68add81f9e
- SSDEEP
  
  98304:7l2eH5MynQqSDbvnA3/i5Z16dsxKn4L2kb0TNszipheT9kVO4v80abDOhgx:7l2GzS3vnm/i5P6drn4rbZGphy9kVz+r
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy