bitrat | acec28de93d3ea0afc8d7101cadc56f07ef03492d1b398769c2d20e358b3b846 | Triage

Submit
Reports

Overview

overview

Static

static

1

0x.vbs

windows7-x64

0x.vbs

windows10-2004-x64

Sharing

General

Target

0x.png
Size

62KB
Sample

240319-zr32csgb4w
MD5

34d6b90b676cf2fe59153c0c01b59278
SHA1

396c2789cf583c24b047976dc91584aa703c067a
SHA256

acec28de93d3ea0afc8d7101cadc56f07ef03492d1b398769c2d20e358b3b846
SHA512

f20cfcd266b691c70f530b92244dd80eddbd5a5c19d1c08bd6b330ff15217e8fef5ca221adabdc75fc2ac1cb4aae8e729073fe85e13c43a89f5cb56c0310af2f
SSDEEP

1536:y9V9A9J9v9/9U9U9v9U9v9A9m9v9/9U9U9v9U9v:F

Score

10^/10

bitrat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

0x.vbs

Resource

win7-20240221-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x.vbs

Resource

win10v2004-20240226-en

bitrat trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://193.233.132.136/a/a.png

Extracted

Family

bitrat

Version

1.38

C2

193.233.132.136:4404

Attributes

communication_password
93d93f0d629d26b535ee4c950717ab2b
tor_process
tor

Targets

- Target
  
  0x.png
- Size
  
  62KB
- MD5
  
  34d6b90b676cf2fe59153c0c01b59278
- SHA1
  
  396c2789cf583c24b047976dc91584aa703c067a
- SHA256
  
  acec28de93d3ea0afc8d7101cadc56f07ef03492d1b398769c2d20e358b3b846
- SHA512
  
  f20cfcd266b691c70f530b92244dd80eddbd5a5c19d1c08bd6b330ff15217e8fef5ca221adabdc75fc2ac1cb4aae8e729073fe85e13c43a89f5cb56c0310af2f
- SSDEEP
  
  1536:y9V9A9J9v9/9U9U9v9U9v9A9m9v9/9U9U9v9U9v:F
Score

10^/10

bitrat trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

bitrattrojanupx

© 2018-2024

Terms | Privacy