bitrat | 84c32cb403361a5d8d8117cf941b89c6c819ac453a0e1f411eb5c2952cc35e7c | Triage

Submit
Reports

Overview

overview

Static

static

3

a76da3ab31...ba.exe

windows7-x64

a76da3ab31...ba.exe

windows10-2004-x64

Sharing

General

Target

a76da3ab31bd142881d3cc05b3903dba
Size

1.9MB
Sample

240226-1lwkrshc8v
MD5

a76da3ab31bd142881d3cc05b3903dba
SHA1

8b168865e07098254456c4bde49f0892e42ae2b1
SHA256

84c32cb403361a5d8d8117cf941b89c6c819ac453a0e1f411eb5c2952cc35e7c
SHA512

064a326303e24160ef5a27fa4843d98c1df545e5bcd077b25dfd1abd5cb7ee7a142edf4176a16ff0972ebcaada9604cd23ee14c01251c223336260669a010fff
SSDEEP

24576:CjmjQcndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkziEmTxp+x:vQmXDFBU2iIBb0xY/6sUYYRLDIP

Score

10^/10

bitrat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a76da3ab31bd142881d3cc05b3903dba.exe

Resource

win7-20240221-en

bitrat trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a76da3ab31bd142881d3cc05b3903dba.exe

Resource

win10v2004-20240226-en

bitrat trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

79.134.225.90:4898

Attributes

communication_password
7fcc5163240be484c36ebae222f656b3
tor_process
tor

Targets

- Target
  
  a76da3ab31bd142881d3cc05b3903dba
- Size
  
  1.9MB
- MD5
  
  a76da3ab31bd142881d3cc05b3903dba
- SHA1
  
  8b168865e07098254456c4bde49f0892e42ae2b1
- SHA256
  
  84c32cb403361a5d8d8117cf941b89c6c819ac453a0e1f411eb5c2952cc35e7c
- SHA512
  
  064a326303e24160ef5a27fa4843d98c1df545e5bcd077b25dfd1abd5cb7ee7a142edf4176a16ff0972ebcaada9604cd23ee14c01251c223336260669a010fff
- SSDEEP
  
  24576:CjmjQcndRKZCy2BrhCeU2i2cJijFbCBTPmiY05tJMSQp5ysA7Yg1nLkziEmTxp+x:vQmXDFBU2iIBb0xY/6sUYYRLDIP
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy