bitrat | 437ad80eaa637caba6237c5ecb0b4d328bb8131a45905088b2441bdfa021b598 | Triage

Submit
Reports

Overview

overview

Static

static

3

6921152042...12.exe

windows7-x64

6921152042...12.exe

windows10-2004-x64

Sharing

General

Target

69211520423fa18fde09eee360343412
Size

6.5MB
Sample

240120-bs2b6aheh8
MD5

69211520423fa18fde09eee360343412
SHA1

dba822c016a18500e40723c7e96fa0894f025d06
SHA256

437ad80eaa637caba6237c5ecb0b4d328bb8131a45905088b2441bdfa021b598
SHA512

3378bc9725b187e9ed5be3f775c88153cfe49f053a1b1d5d0cee3d056289a4afd7ee1bbef86d8be8b7e497a244f143a29a983f8cf701f8e46338b9f23569ba97
SSDEEP

98304:Ld5VJppwXSyo8skn3moI25UzSOVRBKrCqflZ+VJscvKgFl8jD:LBpOwu2t26uqRsnf2VXvD6j

Score

10^/10

bitrat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

69211520423fa18fde09eee360343412.exe

Resource

win7-20231215-en

bitrat trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

69211520423fa18fde09eee360343412.exe

Resource

win10v2004-20231215-en

bitrat trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.35

C2

4napo6g3cp6av4hmxmwzi5lyojpfk3i2kl2tpssb2wvidqsa3kzo6eyd.onion:80

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
tor_process
windows32file

Targets

- Target
  
  69211520423fa18fde09eee360343412
- Size
  
  6.5MB
- MD5
  
  69211520423fa18fde09eee360343412
- SHA1
  
  dba822c016a18500e40723c7e96fa0894f025d06
- SHA256
  
  437ad80eaa637caba6237c5ecb0b4d328bb8131a45905088b2441bdfa021b598
- SHA512
  
  3378bc9725b187e9ed5be3f775c88153cfe49f053a1b1d5d0cee3d056289a4afd7ee1bbef86d8be8b7e497a244f143a29a983f8cf701f8e46338b9f23569ba97
- SSDEEP
  
  98304:Ld5VJppwXSyo8skn3moI25UzSOVRBKrCqflZ+VJscvKgFl8jD:LBpOwu2t26uqRsnf2VXvD6j
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy