bitrat | 518e36189de0efd524a3d91bf2683b9d676e3638d8d81d8e37797eca863815dc | Triage

Submit
Reports

Overview

overview

Static

static

3

518e36189d...dc.exe

windows7-x64

518e36189d...dc.exe

windows10-2004-x64

Sharing

General

Target

518e36189de0efd524a3d91bf2683b9d676e3638d8d81d8e37797eca863815dc.exe
Size

10KB
Sample

240310-cm9xsaab8y
MD5

4adcf3b25fc1e5194ed8610591036f12
SHA1

23c738342205fecc7d8f5c7316a861f07b0e4922
SHA256

518e36189de0efd524a3d91bf2683b9d676e3638d8d81d8e37797eca863815dc
SHA512

5d5c8db777b87249c34615a7c316f0b40fb4d0c535e4554e19d5e45972d0c7719de0f4ab893736cf60e7c87c06ce62e28025c1ceb3aeb69da7e3dd777ae74e3b
SSDEEP

192:r+BmQx19wX6KpozKteihCilpDvUYTLpFeGKzwHV5:rM3COmQiUilRNTLreYV

Score

10^/10

bitrat persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

518e36189de0efd524a3d91bf2683b9d676e3638d8d81d8e37797eca863815dc.exe

Resource

win7-20240220-en

bitrat persistence trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

518e36189de0efd524a3d91bf2683b9d676e3638d8d81d8e37797eca863815dc.exe

Resource

win10v2004-20240226-en

bitrat persistence trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

carreor.ddns.net:53525

Attributes

communication_password
d97250ddf14876971dd138aba1919877
tor_process
tor

Targets

- Target
  
  518e36189de0efd524a3d91bf2683b9d676e3638d8d81d8e37797eca863815dc.exe
- Size
  
  10KB
- MD5
  
  4adcf3b25fc1e5194ed8610591036f12
- SHA1
  
  23c738342205fecc7d8f5c7316a861f07b0e4922
- SHA256
  
  518e36189de0efd524a3d91bf2683b9d676e3638d8d81d8e37797eca863815dc
- SHA512
  
  5d5c8db777b87249c34615a7c316f0b40fb4d0c535e4554e19d5e45972d0c7719de0f4ab893736cf60e7c87c06ce62e28025c1ceb3aeb69da7e3dd777ae74e3b
- SSDEEP
  
  192:r+BmQx19wX6KpozKteihCilpDvUYTLpFeGKzwHV5:rM3COmQiUilRNTLreYV
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- UPX dump on OEP (original entry point)
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy