bitrat | 46384028b4c21ce3ed937de84665be89cb78cad140c85a63806f7ebf0a23ce88 | Triage

Submit
Reports

Overview

overview

Static

static

3

9edc6bd636...5a.exe

windows7-x64

9edc6bd636...5a.exe

windows10-2004-x64

Sharing

General

Target

9edc6bd6360c3d3e593e6f63353fe45a
Size

2.0MB
Sample

240215-3j458scb84
MD5

9edc6bd6360c3d3e593e6f63353fe45a
SHA1

9f305ba70a0b5056dd1934a83acfb7cc04618de6
SHA256

46384028b4c21ce3ed937de84665be89cb78cad140c85a63806f7ebf0a23ce88
SHA512

b1ea3103dfabba16fc3169eb5105fa4d22573d4f62beba0c1d99fae7500a8cf9ecc4330f0058fa363bb607f7cee6365e0eeb6471c3606097625a81132213aa69
SSDEEP

49152:8U/koHM0rGpSTFS/bOx7wqylkFTJFeUboERX3a5a8J2Ldv:8U/kosSGpSTkD3+FVFfX3Z/L

Score

10^/10

bitrat persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9edc6bd6360c3d3e593e6f63353fe45a.exe

Resource

win7-20231215-en

bitrat persistence trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

9edc6bd6360c3d3e593e6f63353fe45a.exe

Resource

win10v2004-20231222-en

bitrat persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

jairoandresotalvarorend.linkpc.net:9085

Attributes

communication_password
bfdba24ee3d61f0260c4dc1034c3ee43
install_dir
Googlechromeinite
install_file
Googlechromeinit.exe
tor_process
tor

Targets

- Target
  
  9edc6bd6360c3d3e593e6f63353fe45a
- Size
  
  2.0MB
- MD5
  
  9edc6bd6360c3d3e593e6f63353fe45a
- SHA1
  
  9f305ba70a0b5056dd1934a83acfb7cc04618de6
- SHA256
  
  46384028b4c21ce3ed937de84665be89cb78cad140c85a63806f7ebf0a23ce88
- SHA512
  
  b1ea3103dfabba16fc3169eb5105fa4d22573d4f62beba0c1d99fae7500a8cf9ecc4330f0058fa363bb607f7cee6365e0eeb6471c3606097625a81132213aa69
- SSDEEP
  
  49152:8U/koHM0rGpSTFS/bOx7wqylkFTJFeUboERX3a5a8J2Ldv:8U/kosSGpSTkD3+FVFfX3Z/L
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy