bitrat | 00ec62acc47ff0297165650e13074aa49207441ee32d6718e72c87ea3e5b817e

Resubmissions

09-04-2024 13:06

240409-qcaa3aba2z 10

09-04-2024 13:06

09-04-2024 13:06

09-04-2024 13:06

28-08-2023 01:00

Sharing

Copy URL

Twitter E-mail

General

Target

03b9dd8b1e16ad5c2a605ad6b18493a7.bin
Size

4.8MB
Sample

240409-qb91asba2y
MD5

109700d193697797637b4ced2afdb74e
SHA1

3dde85662d63d2cd05b5ff0fac343154d95c0dc8
SHA256

00ec62acc47ff0297165650e13074aa49207441ee32d6718e72c87ea3e5b817e
SHA512

5033980fbebb1306ae39be2bd4b79f79b79789480f9b6d1e3f307610bd581030ea790ca6e0c35ab93d6b00f3b67b66e7c6584c9a4b09cd14b0eb3bea8b028a10
SSDEEP

98304:TNeeFxfl8Q0AR5sJi9zF10BOja0eLjuW3xZW+fUZyDKPjl0AMPP+W:fN0q5hV0BOjYju4k+fKwnPPv

Score

10^/10

bitrat upx

Malware Config

Extracted

Family

bitrat

Version

1.38

tcki6mrrcnrt33qy52viv7m64y6hepkv646nnzglrkbgytyt6b2hdrid.onion:80

Attributes

communication_password
827ccb0eea8a706c4c34a16891f84e7b
tor_process
dllhost

Targets

- Target
  
  06f5ae2998205719e3541415641a8afc2f5d6877b50c860df066e0e95c7ed3f3.bin
- Size
  
  7.8MB
- MD5
  
  03b9dd8b1e16ad5c2a605ad6b18493a7
- SHA1
  
  725f4473d8e09a8a9fcad2e8900dfb74623d4f18
- SHA256
  
  06f5ae2998205719e3541415641a8afc2f5d6877b50c860df066e0e95c7ed3f3
- SHA512
  
  8c5c077bd7575483b3601221b77e5b49b9acb7181fe73173dd5879cd19b6d517b5f2454390884ea87490da72cb2e37b5d476132f96415a68b209ce740c7b1c4f
- SSDEEP
  
  196608:LIRcbH4jSteTGvwxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:LdHsfuwxwZ6v1CPwDv3uFteg2EeJUO9E
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Proxy

T1090

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

ACProtect 1.3x - 1.4x DLL software

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

Looks up external IP address via web service

Uses Tor communications

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4