bitrat | 6d9ae2b15c6995be94b84f2a1d86fc8945594215678711318c88a447263a201e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

4910d6a232...9a.exe

windows7-x64

4910d6a232...9a.exe

windows10-2004-x64

Sharing

General

Target

4910d6a23280578ab838476ea8bfdc9a
Size

2.3MB
Sample

240107-qc6dhahah6
MD5

4910d6a23280578ab838476ea8bfdc9a
SHA1

7075d8998729640a7adb8f9ddfacba408bdf3109
SHA256

6d9ae2b15c6995be94b84f2a1d86fc8945594215678711318c88a447263a201e
SHA512

f1942ff2e88a1f627c28011cc1bfbb54dfd3de70d7566e459eb1c88221c6be139161bbef137e814be78351e25d4c477afc101c4a46dae36247dbdc50bb8b50fa
SSDEEP

49152:gv2T1elN3tjmR35wgI46vntTd2sIDzh3emlFAlPTmow+VM:tBYN9SDwu6xIs4zhOmbAlPo+2

Score

10^/10

bitrat persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4910d6a23280578ab838476ea8bfdc9a.exe

Resource

win7-20231215-en

bitrat persistence trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

4910d6a23280578ab838476ea8bfdc9a.exe

Resource

win10v2004-20231215-en

bitrat persistence trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

jairoandresotalvarorend.linkpc.net:9082

Attributes

communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
install_dir
sophosavsdefender
install_file
sophosavsdefender.exe
tor_process
tor

Targets

- Target
  
  4910d6a23280578ab838476ea8bfdc9a
- Size
  
  2.3MB
- MD5
  
  4910d6a23280578ab838476ea8bfdc9a
- SHA1
  
  7075d8998729640a7adb8f9ddfacba408bdf3109
- SHA256
  
  6d9ae2b15c6995be94b84f2a1d86fc8945594215678711318c88a447263a201e
- SHA512
  
  f1942ff2e88a1f627c28011cc1bfbb54dfd3de70d7566e459eb1c88221c6be139161bbef137e814be78351e25d4c477afc101c4a46dae36247dbdc50bb8b50fa
- SSDEEP
  
  49152:gv2T1elN3tjmR35wgI46vntTd2sIDzh3emlFAlPTmow+VM:tBYN9SDwu6xIs4zhOmbAlPo+2
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.