bitrat | 29dd2b13f081a0c7f8312c4b4c433ccdcc3b3a83b91a16a88393370dda44f60b | Triage

Submit
Reports

Overview

overview

Static

static

3

2ab11c37b8...63.exe

windows7-x64

2ab11c37b8...63.exe

windows10-2004-x64

Sharing

General

Target

2ab11c37b84f87c8f05bbd7997648e63
Size

1.7MB
Sample

231231-gj25zsbef5
MD5

2ab11c37b84f87c8f05bbd7997648e63
SHA1

317b103a0b4cb143a1e26a46f15c550850f46645
SHA256

29dd2b13f081a0c7f8312c4b4c433ccdcc3b3a83b91a16a88393370dda44f60b
SHA512

782ba79e5f521968cc596c091e29a1d9d55c4a91488bbcfb1eb463850a405d9e3ebc09da08c5002c415a68f30f19e3654ccdf23274f4f9b004a254da25d41d02
SSDEEP

49152:vS4/sAt6LKa0qrxt0fHuv4B9ZKOZLNk+ZgXFebV:Hrqroi6ZjLmwbV

Score

10^/10

bitrat zgrat rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2ab11c37b84f87c8f05bbd7997648e63.exe

Resource

win7-20231215-en

bitrat zgrat rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

2ab11c37b84f87c8f05bbd7997648e63.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

eter102.dvrlists.com:3050

Attributes

communication_password
fea0f7015af40ae69a386f06f28a8d31
tor_process
tor

Targets

- Target
  
  2ab11c37b84f87c8f05bbd7997648e63
- Size
  
  1.7MB
- MD5
  
  2ab11c37b84f87c8f05bbd7997648e63
- SHA1
  
  317b103a0b4cb143a1e26a46f15c550850f46645
- SHA256
  
  29dd2b13f081a0c7f8312c4b4c433ccdcc3b3a83b91a16a88393370dda44f60b
- SHA512
  
  782ba79e5f521968cc596c091e29a1d9d55c4a91488bbcfb1eb463850a405d9e3ebc09da08c5002c415a68f30f19e3654ccdf23274f4f9b004a254da25d41d02
- SSDEEP
  
  49152:vS4/sAt6LKa0qrxt0fHuv4B9ZKOZLNk+ZgXFebV:Hrqroi6ZjLmwbV
Score

10^/10

bitrat zgrat rat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratzgratrattrojanupx

behavioral2

© 2018-2025

Terms | Privacy