bitrat | 656399e157ed4116fd056b5e4889c25773d62c4862ccdf9646a3c27884d01576 | Triage

Submit
Reports

Overview

overview

Static

static

3

Shell.exe

windows7-x64

Shell.exe

windows10-2004-x64

7

Sharing

General

Target

Shell.7z
Size

1.6MB
Sample

240109-vrdn9agaa6
MD5

3d6f27af465677a62e2f72aee7e2c0f6
SHA1

234cb4f1333a53129ce8d58f4f37aefbf1f6d6df
SHA256

656399e157ed4116fd056b5e4889c25773d62c4862ccdf9646a3c27884d01576
SHA512

8338e2930f3e52fb8996b9ed7c30b27a665c2fb57c973da87effdb711724c3ab5b40f4ee60a849c1910d2fe1cd05b69327db0814aff7399e3a3546dc0751e169
SSDEEP

24576:YJeRO3VZAScexWdmv+eOel2gfc67JO7DaMwVYEyHyIa7x2qtfJrPPcArPiCVw7P6:YbKSadKAcE46q1yHyISPPcGVw7P6

Score

10^/10

bitrat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Shell.exe

Resource

win7-20231215-en

bitrat trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Shell.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

doctorsbit.duckdns.org:4012

Attributes

communication_password
827ccb0eea8a706c4c34a16891f84e7b
tor_process
tor

Targets

- Target
  
  Shell.exe
- Size
  
  300.0MB
- MD5
  
  ee792a047fb2febbdadee7d476c96fc8
- SHA1
  
  ae71082d2321633e466489d37f29bfcec0913c8f
- SHA256
  
  d7d98d8f0c584f85bf88ba9d1b309cd92bdc35f2786decf7ee8adae1d5904f61
- SHA512
  
  6be6d06d64b949332f53f6411fd865a1c2832f57fdcce47e2afe1f8c78fa20fc248d3c950ee976a42969c590087fc64d7c2ebcc1d644eb40bc8948a7efcc6f28
- SSDEEP
  
  49152:WCbXXLwkHUqmLMe6TOh3ElWQKBUDwIx2Sfr5jIiMjt2:WmrwkH2Me6KmWQKBddSH
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

© 2018-2025

Terms | Privacy