bitrat | 988e7cd8646ac763f5608f5a803d12cfa2a820e8948f06d0dcb23c2e389135eb | Triage

Submit
Reports

Overview

overview

Static

static

3

4851420654...18.exe

windows7-x64

4851420654...18.exe

windows10-2004-x64

Sharing

General

Target

4851420654d99fcd408dfec53b220a75_JaffaCakes118
Size

7.0MB
Sample

240331-arcrqsac41
MD5

4851420654d99fcd408dfec53b220a75
SHA1

7efd3ffdf899e4a247765ba4fe4a8b603dbe0f6f
SHA256

988e7cd8646ac763f5608f5a803d12cfa2a820e8948f06d0dcb23c2e389135eb
SHA512

0321e485db6933cdbcd62e63bc1fec0c7384257e6162080dfef5fd88b09ba13ad64a704956f5606af8902d39eb61560c509853cf2861e329e3833be9816f784e
SSDEEP

196608:iAmzj+5+NxAQsOfd8iaCmaE3LKln7wjK:bgjNxAQtpwOZ

Score

10^/10

bitrat persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4851420654d99fcd408dfec53b220a75_JaffaCakes118.exe

Resource

win7-20240220-en

bitrat persistence trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

4851420654d99fcd408dfec53b220a75_JaffaCakes118.exe

Resource

win10v2004-20240226-en

bitrat persistence trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

uccqm6p3b2uqka6elyimvq7hiancgmhymprzgrxd6i6u3ovwentsolqd.onion:80

93.115.35.146:9887

Attributes

communication_password
c3ad3cc69cd79cc483f5d6fdc02d052f
install_dir
java
install_file
java.exe
tor_process
javaupdate

Targets

- Target
  
  4851420654d99fcd408dfec53b220a75_JaffaCakes118
- Size
  
  7.0MB
- MD5
  
  4851420654d99fcd408dfec53b220a75
- SHA1
  
  7efd3ffdf899e4a247765ba4fe4a8b603dbe0f6f
- SHA256
  
  988e7cd8646ac763f5608f5a803d12cfa2a820e8948f06d0dcb23c2e389135eb
- SHA512
  
  0321e485db6933cdbcd62e63bc1fec0c7384257e6162080dfef5fd88b09ba13ad64a704956f5606af8902d39eb61560c509853cf2861e329e3833be9816f784e
- SSDEEP
  
  196608:iAmzj+5+NxAQsOfd8iaCmaE3LKln7wjK:bgjNxAQtpwOZ
Score

10^/10

bitrat persistence trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bitratpersistencetrojanupx

behavioral2

bitratpersistencetrojanupx

© 2018-2024

Terms | Privacy