bitrat | a33ef1aeacaaab00c46cccf65a06b84f4d89399e53ee8aae9d0e6515a298f678 | Triage

Submit
Reports

Overview

overview

Static

static

COPY0001.exe

windows7-x64

COPY0001.exe

windows10-2004-x64

9

Sharing

General

Target

a33ef1aeacaaab00c46cccf65a06b84f4d89399e53ee8aae9d0e6515a298f678
Size

1.8MB
Sample

240226-1mp5dahd2y
MD5

421f90c576a980bc45f3e35f7781c8b0
SHA1

fd68fb8cef3cea50bab8b8e83fdb2d0f40aeb9b9
SHA256

a33ef1aeacaaab00c46cccf65a06b84f4d89399e53ee8aae9d0e6515a298f678
SHA512

2fdd89cfcddc908503d8c3096040709bd50567e2786c6f1244ed7ec0852dfdda468dad4163adbd7101c1fed4dd0ac50526195adfa9ca5b1ee76f43db4e02d3fc
SSDEEP

49152:vSAI96OhipsQwMinMPosfR39joN+GSvB7mCUMwzI3:6AoisjMBPLp32tSvQ14

Score

10^/10

bitrat trojan upx

Static task

static1

6 signatures

Behavioral task

behavioral1

Sample

COPY0001.exe

Resource

win7-20240221-en

bitrat trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

COPY0001.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

dorimebit.duckdns.org:2030

Attributes

communication_password
827ccb0eea8a706c4c34a16891f84e7b
tor_process
tor

Targets

- Target
  
  COPY0001.exe
- Size
  
  300.0MB
- MD5
  
  ef077d3465b442673296cee268e2973a
- SHA1
  
  438ec36e4cc7cad870740c5e926753f04baa1958
- SHA256
  
  f68ccb24ae1039fdfe224fd82d46e2a30e2b082d923c92510162218d453e2cfe
- SHA512
  
  e53eaa044e8da60afc25f785953b4272eb684391fee5ee32c8c35946c7324ef5dfd4d4cdd9a6ad71eb7c7717fa2d1f40cead8ae5c7c5273ef3a030fdd60091ed
- SSDEEP
  
  49152:YwTaSh6OnQVq2ky+jEnogf1L79QxEGIvbDmCwM4BIdN90L:fTaOsqdy1nzdLOfIvm7
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Detects executables packed with Babel
- Detects executables packed with Dotfuscator
- Detects executables packed with Goliath
- Detects executables packed with SmartAssembly
- Detects executables packed with dotNetProtector
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

© 2018-2024

Terms | Privacy