bitrat | 9ea701c18c02ed5f5c0f9a2f095c0b568609f0735f2e39c572c67875071b01fc | Triage

Submit
Reports

Overview

overview

Static

static

sample.exe

windows7-x64

sample.exe

windows10-2004-x64

Sharing

General

Target

9d585faa0851666f34381200277b38a1bef136ecd062fc53b158aa1b323fdf10.bin.sample.gz
Size

5.4MB
Sample

240308-j3k2xsbd6z
MD5

e66762f7227f489e49478fd216c5350b
SHA1

6462dce9d97c01435ad7b1c610e9b01491b83df3
SHA256

9ea701c18c02ed5f5c0f9a2f095c0b568609f0735f2e39c572c67875071b01fc
SHA512

98ed27f33aed77bc9fc9c64dc2968349c223d3924b4b455724afc15cb9c83bc348880c9fa3b973bba702813dd1b7afe12774018178e9dfc054231da5e8eb76fe
SSDEEP

98304:8fgcht7rg3ONqAqIUAj8CMvIdiPXo4Ng6mNdHHQCWT+OAYcYLxvTHhJ1fyrdj3IF:8T7s7Vy8CYvXVN2NJe+LYcchJ1arC8Qp

Score

10^/10

bitrat trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

sample.exe

Resource

win7-20240221-en

bitrat trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

sample.exe

Resource

win10v2004-20240226-en

bitrat trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  5.6MB
- MD5
  
  a971f912044d0e4280b0e9b7c54765be
- SHA1
  
  ba9078e5a88f433414f6386bbbb4462173bdf254
- SHA256
  
  9d585faa0851666f34381200277b38a1bef136ecd062fc53b158aa1b323fdf10
- SHA512
  
  272a809f9f510e35763955a0af2814071ee95af51b6e95af3f25b144ed319cb7d47b7fbd409d393c532637836ef2252b1cef4d29c6b549b8eab585db3b43eaca
- SSDEEP
  
  98304:vyZ3LRUXR9GPj9rbdajRbINHkOeY7i8mRMoRLVkGqIf/m4BQ9K+3t2tVlsT/jCSr:vyZ3LRUXrATkItkOEbZL29K/t+K+QsTE
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- BitRAT payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bitrattrojanupx

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy