bitrat | 2a5860280179b24de91f70165fb736afa5947cefb5c33c63202c7d8c5d00d1d0 | Triage

Submit
Reports

Overview

overview

Static

static

3

80dcd56f6d...95.exe

windows7-x64

80dcd56f6d...95.exe

windows10-2004-x64

Sharing

General

Target

80dcd56f6d8e3324d715736b66858795
Size

7.9MB
Sample

240129-zwty9aafh6
MD5

80dcd56f6d8e3324d715736b66858795
SHA1

5b94991f56910b4bac99bef952ce88c740883b4d
SHA256

2a5860280179b24de91f70165fb736afa5947cefb5c33c63202c7d8c5d00d1d0
SHA512

d9e0d10a5c11ec3e3ccb62e448f9be9c6287ae118cc7c84f2012999b35836688946dd3a05b046daf370870fadcec2f690850f25f5811400572639de0554e135b
SSDEEP

196608:LK8mrs8c1/ohqLBhTZEIN+8y2CVoW1a+QKON:tmrsChqNby2CB1a+

Score

10^/10

bitrat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

80dcd56f6d8e3324d715736b66858795.exe

Resource

win7-20231215-en

bitrat trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

80dcd56f6d8e3324d715736b66858795.exe

Resource

win10v2004-20231215-en

bitrat trojan upx

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

178.20.40.235:5555

Attributes

communication_password
cc86a50fb8f3c4840cb346a0829f64a2
tor_process
tor

Targets

- Target
  
  80dcd56f6d8e3324d715736b66858795
- Size
  
  7.9MB
- MD5
  
  80dcd56f6d8e3324d715736b66858795
- SHA1
  
  5b94991f56910b4bac99bef952ce88c740883b4d
- SHA256
  
  2a5860280179b24de91f70165fb736afa5947cefb5c33c63202c7d8c5d00d1d0
- SHA512
  
  d9e0d10a5c11ec3e3ccb62e448f9be9c6287ae118cc7c84f2012999b35836688946dd3a05b046daf370870fadcec2f690850f25f5811400572639de0554e135b
- SSDEEP
  
  196608:LK8mrs8c1/ohqLBhTZEIN+8y2CVoW1a+QKON:tmrsChqNby2CB1a+
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy